1. Getting rid of Authentication pop-ups in a browser for a user logged into the domain.
2. Even if I try to authenticate, it won't let me.
My NTLM realm looks like this, running ASyncOS 5.1.2 S650
Active Directory Domain = DOMAIN.WFISD.NET NetBIOS Domain = DOMAIN
Told the ironport to create it's user account webgate$ in DOMAIN/Domain Controllers
However, in an attempt to troubleshoot, I have created the webgate$ account in various other places by rejoining the ironport to our domain.
The NTLM test works fine, but every time we open a brower it prompts for credentials. LDAP works great, but I am unable to authenticate at all using NTLM SSP. I have added all the domain groups from the directory lookup in the web policy, and I have also tried entering single usernames to see if the authentication works. All to no avail.
How are your clients connecting to the proxy? Are they explicitly configured to used the WSA or transparently redirected. This will make a big difference as to why transparent credentials are not working.
Also, I highly recommend upgrading to the latest 5.2 version of the WSA, as the authentication code was completely changed and made much better.
When you are prompted for credentials, they are never accepted? Are you entering the domain in with the credentials? The domain is case sensitive as well. It is typically in all CAPS.
Proxy mode on the WSA is set to transparent. I have also put the DNS name of the WSA in it's config file as the prox.etc.transparentauthserver value. The clients are set to specifically set to use the proxy DNS name in their browser.
Have tried adding a trust in IE7 and Firefox to no avail.
I am able to enter my credentials after all. That was an issue with our AD and Edir. not syncronizing. Got that fixed.
As far as I know I am at the latest ASyncOS version 5.2.1-052
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :