
transparent user authentication verification

mulhollandm
Level 1

folks

following authentication problems we've implemented two cda servers to use for transparent user authentication   

i've configured the existing ntlm domain to use the cda servers and allowed the radius traffic through my firewall     

i've created an identity to identify users in the ntlm realm transparently and to force auth if that fails

i've created an access policy which calls the identity above but when i test this it's not working

i can get intranet and internet access but if i clear the authcache and then try to access a https site it fails and doesn't prompt for authentication

does anyone know how i can verify the wsa is using the transparent auth and why i don't get a prompt for the https site

thanks to anyone taking the time to reply

2 Replies

mulhollandm
Level 1

folks

anyone with any views or experiences?

Tom Foucha
Cisco Employee

You can set the auth log to a high logging level using the logconfig command and then tail the log while surfing. Also, you can add the variable %m to the accesslog and it will add the authentication method to the accesslog.

386349299.719 976 192.168.2.101 TCP_MISS/200 93399 GET http://www.yahoo.com/ "SSALAB\xxxxxx@SSALAB" DIRECT/www.yahoo.com text/html DEFAULT_CASE_12-SSALABXPMachinePol-SSALXPMachine-NONE-NONE-NONE-DefaultGroup - 206.190.36.45 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" NTLMSSP
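An added example, not part of the reply above or of any Cisco tooling: a small parser that reads access log lines carrying the `%m` field and reports which authentication mechanism each client used, plus any requests logged with no user name. It assumes `%m` is the last custom field on the line; the sample lines are constructed, and the `SSO_TUI` value for transparent user identification comes from Cisco's access log documentation rather than from this thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the layout of the line quoted above, with %m
# appended as the last custom field. Addresses, names and the SSO_TUI / "-"
# values are assumptions for illustration, not output from the poster's WSA.
SAMPLE = r'''
1700000000.101 120 192.0.2.10 TCP_MISS/200 5120 GET http://intranet.example/ "LAB\alice@LAB" DIRECT/intranet.example text/html DEFAULT_CASE_12-Pol-Id-NONE-NONE-NONE-DefaultGroup - 192.0.2.80 "Mozilla/4.0" SSO_TUI
1700000001.202 300 192.0.2.11 TCP_MISS/200 9000 GET http://www.example.com/ "LAB\bob@LAB" DIRECT/www.example.com text/html DEFAULT_CASE_12-Pol-Id-NONE-NONE-NONE-DefaultGroup - 198.51.100.7 "Mozilla/4.0" NTLMSSP
1700000002.303 15 192.0.2.11 TCP_DENIED/407 0 CONNECT tunnel://www.example.com:443/ - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE - - "Mozilla/4.0" -
'''

TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted fields may contain spaces


def parse_line(line):
    """Return the fields needed to audit authentication, or None if malformed."""
    t = TOKEN.findall(line)
    if len(t) < 11:
        return None
    return {
        "client": t[2],
        "result": t[3],
        "method": t[5],
        "url": t[6],
        "user": t[7].strip('"'),
        "mech": t[-1],  # %m, assumed to be the last field appended
    }


def mechanisms_by_client(text):
    """Count the authentication mechanisms seen per client IP."""
    seen = defaultdict(Counter)
    for rec in filter(None, map(parse_line, text.splitlines())):
        seen[rec["client"]][rec["mech"]] += 1
    return seen


def without_identity(text):
    """Requests logged with no user name, such as the failing HTTPS case."""
    return [r for r in filter(None, map(parse_line, text.splitlines()))
            if r["user"] == "-"]


if __name__ == "__main__":
    for client, mechs in mechanisms_by_client(SAMPLE).items():
        print(client, dict(mechs))
    for r in without_identity(SAMPLE):
        print("no identity:", r["client"], r["method"], r["url"], r["result"])
```

Running it against a log captured right after clearing the authcache shows whether a client's first requests were identified transparently or fell back to NTLMSSP, and which HTTPS requests carried no identity at all.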
