cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1987
Views
4
Helpful
3
Replies
Stafford Rau
Beginner

Client authentication without specifying the AD domain?

I'm hoping this will be a simple enough question.

We have a pair of Ironport S370s managed by an M670 for web content filtering and reporting. We have "Use Basic or NTLMSSP" for the authentication scheme, and users who use IE as their browser are being transparently authenticated as expected.

For non-Windows clients, or users who use anything other than IE, when they get the authentication popup, they have to enter DOMAIN\username and their AD password for authentication to work. Is there a way to configure authentication so that they only need to enter their username and password, without prefixing the Active Directory DOMAIN\?

Thanks much,

--Stafford

3 REPLIES 3
Jeffrey Ness
Beginner

Did you ever find a resolution to this? I am having an issue with Basic authentication for HTTPS sites and users having to prefix their username with the domain name (even in Internet Explorer).

There is another post here, they fixed it by just going with NTLMSSP.

Or you could go to 7.5, and deploy the AD Agent, which gets the login info from AD security logs...

https://supportforums.cisco.com/thread/2134087

I was able to get this to work on Basic only by selecting only the Active Directory realm in the Identity (which btw wipes out {understandably} any Users/Groups defined under the identity in the Access Policies) and not using the syntax domain\username in my list of users under the Access Policy's Identity settings (and just using username or groups).

I'm waiting for some information from support on the AD Agent to see if it would work in our scenario (generic PC users), but 7.5 got pulled due to some issues until they can be fixed in an unscheduled release 7.5.1.

Content for Community-Ad