05-22-2014 01:36 AM - edited 03-11-2019 09:13 PM
configure identity policies to require active authentication,but no login form display, why?
1Define realm which contain one AD
2Define identity policy
3Define identity policy object
4Define access policy,specify Identity policy objects as part of the source field
5Enable Auth proxy in ASA service policy
thanks
05-22-2014 06:46 AM
Does your AD server status in CDA show up as good (green check box)?
Does your AD Agent connection in PRSM test successful (Device > AD Agent > Test)?
Back at CDA, does PRSM show up as a registered device?
Is CDA mapping users to IP addresses when they authenticate to AD?
If all that is working, please share your configured service-policy and related objects on the ASA as well as your access policy from PRSM.
05-22-2014 06:26 PM
05-25-2014 12:53 AM
Hi,
The config seems ok. What is the exact behaviour? Does the requested web page load without any authentication or do you receive an error?
05-25-2014 06:44 PM
thanks radu
no AD login windwos show
the requested web page does not load
the url bar just show:http://192.168.10.1:1025/?redirect_id=63a01419d3d6e2799da3d8279428bba2fa176c47
05-25-2014 11:43 PM
Hi,
Can you try the following command on the ASA following an authentication attempt? Also, can you issue a "show run policy-map", "show run service-policy" and "show nameif" command?
/pri/act# show asp table classify domain cxsc-auth-proxy hits
Input Table
in id=0x7fff2b967190, priority=121, domain=cxsc-auth-proxy, deny=false
hits=55144, user_data=0x7fff2b966e80, cs_id=0x0, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=10.237.4.1, mask=255.255.255.255, port=885, tag=0, dscp=0x0
input_ifc=lanwsp, output_ifc=identity
in id=0x7fff2b96e760, priority=121, domain=cxsc-auth-proxy, deny=false
hits=33077, user_data=0x7fff2b96e450, cs_id=0x0, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=10.237.8.1, mask=255.255.255.255, port=885, tag=0, dscp=0x0
05-26-2014 01:13 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide