Cisco Support Community

Issue with CE510 with NTLM authentication


I have a weird situation that I'd like to share to see if anyone can help me.

I have a CE510 doing caching and content filtering. The LAN users, when accessing the Internet, are authenticating using NTLM on a W2K Server (active directory).

The problem I have is that very often, randomly, MS IE asks for reauthentication, but I have a much longer reauthentication time configured on the CE510.

I've been working on this issue for a long time, and after doing some network sniffing, I found that the CE510 and the W2K Server are also "speaking" the LDAP protocol.

Please take a look at the configuration below.


ACNS version 5.3.5

hostname CCE-510

http authentication cache timeout 1440
http authentication cache ttl 1440
http cache-cookies
http object max-size 1492
http avoid-multiple-auth-prompts
http proxy incoming 8000 8080 9090
http proxy outgoing origin-server
http max-ttl hours text 4 binary 8

ftp-over-http proxy incoming 8000 8080 9090
ftp-over-http max-ttl days directory-listing 4 file 8
ftp-over-http proxy active-mode enable

ip domain-name

no gui-server enable

https proxy incoming 8000 8080 9090

interface GigabitEthernet 1/0

interface GigabitEthernet 2/0
ip address
mtu 1453

ip default-gateway

no auto-register enable

ip name-server

logging console enable
logging console priority debug
logging disk priority debug
logging disk filename /local1/syslog5.txt

no bypass load enable

wccp router-list 1
wccp port-list 1 8000 8080 9090
wccp web-cache router-list-num 1
wccp rtsp router-list-num 1
wccp dns router-list-num 1
wccp ftp-native router-list-num 1
wccp https-cache accept-all
wccp https-cache router-list-num 1
wccp service-number 90 router-list-num 1 port-list-num 1 application cache
wccp version 2

websense-server service policy local activate
websense-server service eim activate
websense-server service user activate

username admin password 1 <removed>
username admin privilege 15
username smartfilter password 1 <removed> uid 2001
username smartfilter privilege 15

ldap server base "dc=customer,dc=com"
ldap server userid-attribute cn
ldap server host primary
ldap server host secondary
ldap server administrative-dn "cn=Administrador,cn=users,dc=customer,dc=com"
ldap server administrative-passwd <removed>
ldap server version 3

ntlm server host
ntlm server host
ntlm server domain customer
ntlm server enable

authentication login local enable
authentication configuration local enable primary

access-lists 300 permit groupname customer\internet
access-lists 300 deny groupname any
access-lists enable

no url-filter http websense allowmode enable
url-filter http smartfilter enable



I'd like some help on this.


Re: Issue with CE510 with NTLM authentication

You may be running into a bug here: CSCdy59217
