Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Issue with CE510 with NTLM authentication

Hi!

I have a wird situation that i'd like to share to see if anyone can help me.

I have a CE510 doing caching and content filtering. The LAN users, when accessing the Internet, are authenticating using NTLM on a W2K Server (active directory).

The problem i have is that very often, randomly, the MS IE asks for reauthentication but i have a much longer reauthentication time configured on the CE510.

I'd been working on this issue for a long time and after doing some network sniffing, i found the CE510 and the W2kServer are also "speaking" LDAP protocol.

Please take a look at the configuration below.

############

ACNS version 5.3.5

!

hostname CCE-510

!

http authentication cache timeout 1440

http authentication cache ttl 1440

http cache-cookies

http object max-size 1492

http avoid-multiple-auth-prompts

http proxy incoming 8000 8080 9090

http proxy outgoing origin-server

http max-ttl hours text 4 binary 8

!

ftp-over-http proxy incoming 8000 8080 9090

ftp-over-http max-ttl days directory-listing 4 file 8

ftp-over-http proxy active-mode enable

!

ip domain-name customer.com

!

no gui-server enable

!

https proxy incoming 8000 8080 9090

!

interface GigabitEthernet 1/0

shutdown

exit

!

interface GigabitEthernet 2/0

ip address 192.168.2.100 255.255.0.0

mtu 1453

exit

!

ip default-gateway 192.168.0.253

!

no auto-register enable

!

ip name-server 192.168.0.3

!

logging console enable

logging console priority debug

logging disk priority debug

logging disk filename /local1/syslog5.txt

!

no bypass load enable

!

wccp router-list 1 192.168.0.252 192.168.2.10

wccp port-list 1 8000 8080 9090

wccp web-cache router-list-num 1

wccp rtsp router-list-num 1

wccp dns router-list-num 1

wccp ftp-native router-list-num 1

wccp https-cache accept-all

wccp https-cache router-list-num 1

wccp service-number 90 router-list-num 1 port-list-num 1 application cache

wccp version 2

!

websense-server service policy local activate

websense-server service eim activate

websense-server service user activate

!

username admin password 1 <removed>

username admin privilege 15

username smartfilter password 1 <removed> uid 2001

username smartfilter privilege 15

!

ldap server base "dc=customer,dc=com"

ldap server userid-attribute cn

ldap server host 192.168.0.3 primary

ldap server host 192.168.0.4 secondary

ldap server administrative-dn "cn=Administrador,cn=users,dc=customer,dc=com"

ldap server administrative-passwd <removed>

ldap server version 3

!

ntlm server host 192.168.0.3

ntlm server host 192.168.0.1

ntlm server domain customer

ntlm server enable

!

authentication login local enable

authentication configuration local enable primary

!

access-lists 300 permit groupname customer\internet

access-lists 300 deny groupname any

access-lists enable

!

no url-filter http websense allowmode enable

url-filter http smartfilter enable

!

End

#################

I'd like some help on this.

1 REPLY
Silver

Re: Issue with CE510 with NTLM authentication

You may be running into a bug here:CSCdy59217

290
Views
0
Helpful
1
Replies
CreatePlease to create content