The Macs are using AD authentication, but if I use the Safari browser the end user is prompted for their username/password every time they go to a different web page. Safari does not work with NTLM. If we run Firefox or Opera, it works fine because the browser sends the AD credentials in the background to the WSA.
With 7.5, you can choose to use the ADAgent. It's a separate piece of software that gets the login events from the domain controllers and feeds them to the WSA (and ASA running 8.4). That way, the user is id'd at login, not at first browse. No login prompt for anyone, regardless of browser. We have some software that checks for licensing over the net that we couldn't add to the "don't auth" set, so we had the users just open a browser first... not an issue, the user is already authed.
It does have some limits. 8 machines per user at any one time. Multiple users on a machine (e.g. Citrix) show up as the last user that logged in... but it fixes a bunch of other stuff.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...