01-19-2007 11:15 AM - edited 03-10-2019 02:55 PM
Replaced a 10 year old failing system with an ASA5510(asdm5.2, asa52) and and IAS server. The users do NOT want to see the authentication window, nor do anything on it. That was not needed with the old system and its client software.
To keep my job I have had to increase the ASA timeout value more then I feel comfortable with.
Is is possible to configure either the IAS server (or ASA) to use the Windows credentials? Then I can set the timeout values to something much more secure.
01-20-2007 12:51 PM
Yup that is no problem. Have look at following doc, it explains how to config the ASA to talk to the IAS.
01-22-2007 05:48 AM
Allow me to clairify. I am looking for a way for the users NOT to be prompted for username and password.
I am currently using the ASA and IAS to get to the internet to post this message. So the prombem is not how to get IAS to work, but how to do authentication without user input of username and password. My users would like such authentication info to come automatically from the computer they are logged in on.
01-23-2007 07:29 AM
Actually i haven't been able to test the passing of the credentials from windows to the VPN client but if you have a look at the VPN Client Administration Guide you can see following options for the *.pcf (profile) file.
MSLogonType=0 (pass the windows credentials)
In case you have set this flag to 0 i stumbled across another parameter. It's seems to be only for NT Domains but maybe it hast to be set anyway.
NTDomain=
Reference:
Hope it helps
Roble
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide