Auto-Signon issue with RADIUS authentication

Unanswered Question
May 28th, 2008

Hi all, i post again a question Posted by ronin2307 on Nov 27, 2007, 9:40am PST

I HAVE THE SAME ISSUE WITH 8.0.3 release!

Hi,

we have a fairly simple configuration running on our ASA and try to make use of the webvpn on occasion. The feature used to work great with 7.2, but after we upgraded to 8.0 we started having problems.

Basically an user (network admin) can log in through the webvpn interface (authenticated by a RADIUS server) and see the links to network shares we provide, click on them and at that point the user is promptedfor credentials again. upon entering them then message comes up that the access to the resources has been blocked due to security reasons.

Now to me that makes no sense whatsoever. I have already run the following command:

auto-signon allow ip 192.168.1.0 255.255.255.0 auth-type ntlm

to try to prevent the second credentials prompt but to doesn't do anything.

I also tried to capture the webvpn traffic, according to the user manual, but now i have a zip file that contains bunch of files, I cannot read (except notepad, but that doesn't help a lot). Ethereal will not open the files. I couldn't get to display the capture in the browser as described in the manual.

can anybody give me an idea on what to do to troubleshoot this problem? Thank you very much.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Tue, 06/03/2008 - 12:55

For single sign on using NTLM on a webVPN set up, you need to ensure you configure it through the command line. Did you use the ASDM for this single sign on? To configure auto-signon for all WebVPN users to servers with IP addresses ranging from

10.1.1.0 to 10.1.1.255 using NTLM authentication, for example, enter the following

commands:

hostname(config)# webvpn

hostname(config-webvpn)# auto-signon allow ip 10.1.1.1 255.255.255.0 auth-type ntlm

http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdmsso.html

Actions

This Discussion