Re: Windows authentication for WAN failure with WAAS

ankit_parikh · ‎01-21-2007

Hello,

As per the WAAS 4.0 config guide, I have registered the edge WAE with the windows domain controller using NTLM v1.0. The 'Show Authentication Window' shows that the registration was successful.

When I simulate a WAN failure and attempt to access the file share, it doesn't work. The file server has been registered and the Core and Edge file services are running at the respective ends. What am I doing wrong here?

Everything works as intended in connected mode. Also is there a documentation on clean WCCP shutdown and how it affects the WAE and the associated router.

thanks

Ankit

Zach Seils · ‎01-21-2007

Ankit,

Is the edge WAE able to reach the Domain Controller when the WAN is down (i.e. is it local)? The edge WAE has to be able to authenticate the user against a Domain Controller.

What specific WCCP information are you looking for?

Zach

ankit_parikh · ‎01-22-2007

hello Zach,

The domain controller is a windows 2003 global catalogue server located at the remote site and it is locally available to the edge WAE.

WCCP configs seem to be correct as redirection is working as intended in the connected mode.

While in disconnected mode, since the file server is at the core site, the request should be rendered by the edge WAE. This is not happening. I am sure there is information in the cache that can be accessed by users during WAN failure.

Ankit

Zach Seils · ‎01-22-2007

Ok, thanks.

Error messages regarding the functionality of Disconnected Mode are placed in the following file:

/local1/errorlog/actona/Rx.internal.log

Can you email me a copy of this file?

Zach

ankit_parikh · ‎01-22-2007

hi Zach,

I am attaching the log with this reply. We are using policy based routing at the remote end. If this makes any difference.

cheers

Ankit

Zach Seils · ‎01-23-2007

Ankit,

According to the log, when the WAE tries to verify it can authenticate against the domain, it fails:

2007-01-21 17:52:10,335 WARN (actona.cifs.auth.WbinfoAuthenticator:66) SelectorThread - WAN_group:0 - WbinfoAuthenticator::canAuthenticate() failed. please join the edge to the domain

Before we switch to Disconnected Mode, we first verify that we can authenticate against the domain. You can simulate this check using the CLI commands:

win d net "rpc testjoin -S "

where = the name of the domain controller.

win d wbinfo -t

Can you please execute these commands and post the output?

Zach

ankit_parikh · ‎01-23-2007

Hi Zach,

here is the output that you requested:

EdgeWAAS#win d net "rpc testjoin -S TESTBENCHGC"

Join to 'Domain' is OK

EdgeWAAS#win d wbinfo -t

checking the trust secret via RPC calls succeeded

I have changed the name of the domain in the output.

It does show thr correct domain name.

Ankit

ankit_parikh · ‎01-23-2007

I forgot to mention one thing. TESTBENCHGC is a global catalogue server for the remote site. It is registered with the main domain controller at the Core site.

Ankit

Zach Seils · ‎01-23-2007

Is TESTBENCHGC the server you registered the WAE with?

Can you email me a sysreport from the WAE to seils@cisco.com?

Zach

ankit_parikh · ‎01-24-2007

Yes. WAE is registered with Testbenchgc.

I have emailed the report.

thanks

Ankit