12-28-2012 04:50 AM
Hi All,
Noticed the following errors in the IronPort device.
Users are having issues with network printers..
PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)
PROX_AUTH : - : Login for user [EE]\[user] failed due to [Account expired]
PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)
PROX_AUTH : - : Login for user [EE]\[user] failed due to [Account expired]
PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)
PROX_AUTH : - : Login for user [EE]\[user] failed due to [Account expired]
PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)
PROX_AUTH : - : Login for user [EE]\[user] failed due to [Account expired]
Not an expert...any help appreciated..
Thanks..
01-08-2013 12:42 PM
Hi Rajesh,
Please check the user account used to join the WSA to the domain. It may be that the user account used is expired.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
01-11-2013 05:46 AM
Hello Sir
I have an S370 WSA. I am trying to configure NTLM authentication but failed to join the domain. I am getting the following error message while connecting:
Attempting to get TGT...
Failure: Error while fetching Kerberos Tickets from server 'dskglobal.com' :
kinit: krb5_get_init_creds: Client (ironport$@DSKGLOBAL.COM) unknown
Can you please help me to fix this?
Thanks
Nilesh
01-11-2013 08:15 AM
Some things to check/change....
Are your DCs entered as names or IPs?
Are your time settings correct?
Does the "ironport" computer account exist in AD? Is it disabled?
01-12-2013 02:05 AM
Hello Sir,
Our DCs are entered as names, but I have tried to enter them by IP and it still doesn't work.
Yes, the device itself shows that the time variation is within the specified limit.
The "ironport" computer account is not there in AD. Do you mean to say the computer account needs to be created manually?
And which user do I have to use while joining the domain? Any user with Domain Admin rights?
Thanks
Nilesh
01-12-2013 05:00 AM
Hello Sir,
Finally it's done!!!
Now all the DC users are integrated in IronPort, but I have one more issue with this.
I have created one access policy for a single computer, in which I have given a specific AD group.
Whenever I try to access the internet on that computer, it asks for a username and password, but it works with any AD user. Only members of the specified group should get authenticated, but it authenticates any AD user, not just the specified group of users.
Basically, I want to assign internet access per group, so only the specified groups should get authenticated, not all.
Can you please help me with this?
Thanks
01-22-2013 01:14 PM
Hi Nilesh,
I might be wrong, but there has to be a way for the WSA to differentiate which users should be authenticated and which should not. When you are creating identities, try adding the IP address of that machine and create a separate policy using that identity.
Let me know if it helps.