04-10-2008 06:59 AM
ASA 5510 v8.0(3)
I've got our asa SSL/VPN setup with an AAA server (using ldap) and users can login just fine.
The only thing we have it configured for is to use the rdp plugin. We got a couple of bookmarks setup that send the users to internal windows 2003 terminal servers. That works fine.
Now, I'm trying to get the auto signon feature to work properly. (we don't have siteminder or the SAML profile) If I understand this right, I don't need those two thirdparty features to get this working. Is this correct?
All I've done is add the follwing commands:
webvpn
enable outside
enable inside
tunnel-group-list enable
auto-signon allow ip 10.10.1.0 255.255.255.0 auth-type ntlm
According to the ASA 8.0 Congfiguration guide, that should do it. But, when access one of our bookmarks, it connects just fine, but still prompts for the username and password. I've configured the group policy to inherit the auto sign settings (and pretty much everything else).
Can someone maybe recommend something I may be overlooking here? Do I need to configure something further on my terminal server that accepts this NTLM request?
------------------
A little more info: When I don't enable the auto signon, the rdp plugin works just fine and I can easily get the sign on screen to my terminal server. However, when I enable anything in the auto signon, the rdp client launches, but it stays as a tiny little box in center of the screen and it'll eventually timeout and close. This little tiny box isn't expandable either. I've tried degugs, but don't see anything. No errors on the terminal server itself either.
04-16-2008 08:54 AM
You can do the Auto Sign-on through Smart Tunnel. While the smart tunnel now allows Java applet to work for some application, single sign on no longer works for it. Try creating a bookmark for the application and enable the ST option. This is a Smart Tunnel limitation (auto-signon does not work with it).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide