10-23-2014 01:13 PM
I have a single authentication realm set up for all of my users. I have my Ironport WSA in transparent mode using WCCP from my ASA's. Every single user authenticates without a prompt except for one generic user that several workstations use. When they try to go to the internet they get prompted with a dialogue box from IE. If they put in the proper credentials, they can access the internet. I need to find out why they are getting prompted in the first place and that the Single Sign on feature of IE isn't working.
10-23-2014 01:24 PM
Is the generic user part of the domain? have you verified user membership group wise?
10-23-2014 01:28 PM
Yes, user is part of the domain and group memberships have been verified. If I do a policy trace for that user, the Ironport returns the correct user group membership and identity policy. And to add some additional information I forgot, if anyone else logs on to that computer it works fine...its just for this user.
10-23-2014 01:37 PM
Is there something being done specifically with this user account via group policy? Does entering in the generic creds actually work when prompted?
Something we use to go was assign a dummy proxy to different routes to the windows router table as this account was a generic used everywhere account we didn't want it to get to the internet cause we could track it to a specific user so we just didn't allow it period.
10-23-2014 01:30 PM
I seem to remember something about a limit of 8 IPs to a user at any one moment...
I'm still digging for the docs on it.
10-23-2014 01:43 PM
If that's the case, you may have exclude these devices from authentication.
10-27-2014 05:28 AM
Have you found out if there is an IP limit? This is still happening and is causing some service disruption at this time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide