Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Authentication problems with users on terminal server

I have the following problem with the way the pix authentication works . It only maps a username to a ip address. The pix only authenticates machines and not users. This is a problem because if you have 50 users who use a terminal server like win2k or citrix you cant enable authentication because of the way the auth works. The very first person who connects to the internet from the terminal server will get prompted for authentication thereafter all other users on the terminal server are able to browse using this persons account and will never get prompted for authentication. I have opened a TAC case regarding this and there is no workaround that can be supplied by TAC. My cisco account manager has put this forward as a feature request but the time to get this resolved is unknown and we will be loosing customers if we cant find a workaround for this problem. Has anyone experienced the same problem and found a solution that can be used until cisco upgrade the authentication on the pix?

4 REPLIES
Silver

Re: Authentication problems with users on terminal server

The best solution would be to reorganize the way your accounting takes place. The PIX cannot be used for this, so utilize one generic account and have the authentication and accounting for this authentication occur prior to reaching the terminal server.

New Member

Re: Authentication problems with users on terminal server

I would agree but our clients outsourced the security to us and dont have the skills or dont want to do it this way. So Im going to have to wait for Cisco to fix the problem and possibly loose a few clients.

New Member

Re: Authentication problems with users on terminal server

What about deploying an ACS server?

New Member

Re: Authentication problems with users on terminal server

I am currently using AAA with tacacs. This still wont solve the problem. There is a fundamental flaw in the authentication system on the pix which wont allow for multiple users being authenticated all coming from 1 ip address.

100
Views
0
Helpful
4
Replies
CreatePlease login to create content