Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
3
Replies

Is automatic Windows Authentication posible with ASA?

hetteldorf
Level 1
Level 1

‎01-19-2007 11:15 AM - edited ‎03-10-2019 02:55 PM

Replaced a 10 year old failing system with an ASA5510(asdm5.2, asa52) and and IAS server. The users do NOT want to see the authentication window, nor do anything on it. That was not needed with the old system and its client software.

To keep my job I have had to increase the ASA timeout value more then I feel comfortable with.

Is is possible to configure either the IAS server (or ASA) to use the Windows credentials? Then I can set the timeout values to something much more secure.

Labels:
0 Helpful
3 Replies 3

Roble Mumin
Level 3
Level 3

‎01-20-2007 12:51 PM

Yup that is no problem. Have look at following doc, it explains how to config the ASA to talk to the IAS.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

0 Helpful

hetteldorf
Level 1
Level 1
In response to Roble Mumin

‎01-22-2007 05:48 AM

Allow me to clairify. I am looking for a way for the users NOT to be prompted for username and password.

I am currently using the ASA and IAS to get to the internet to post this message. So the prombem is not how to get IAS to work, but how to do authentication without user input of username and password. My users would like such authentication info to come automatically from the computer they are logged in on.

0 Helpful

Roble Mumin
Level 3
Level 3
In response to hetteldorf

‎01-23-2007 07:29 AM

Actually i haven't been able to test the passing of the credentials from windows to the VPN client but if you have a look at the VPN Client Administration Guide you can see following options for the *.pcf (profile) file.

MSLogonType=0 (pass the windows credentials)

Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_administration_guide_chapter09186a00800bd98d.html#wp1157859

In case you have set this flag to 0 i stumbled across another parameter. It's seems to be only for NT Domains but maybe it hast to be set anyway.

NTDomain=

Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_administration_guide_chapter09186a00800bd98d.html#wp1157819

Hope it helps

Roble

0 Helpful
Customers Also Viewed These Support Documents