Issue authentication on ironport S370

FREDERIC DUBOIS · ‎04-16-2015

Users are having issues with authentication.

My users have a problem of connection with the proxy Ironprort punctually .At level of logs Access on this one, we have:

172.19.56.1 TCP_DENIED/407 0 CONNECT tunnel://accounts.google.com:443/ - NONE/- - OTHER-NONE-Authentification_AD-DefaultGroup-NONE-NONE-NONE

172.19.56.1 TCP_DENIED/407 0 CONNECT tunnel://www.google.fr:443/ - NONE/- - OTHER-NONE-Authentification_AD-DefaultGroup-NONE-NONE-NONE

In logs, we have loss of the authentication on the user when we let us be from the point of view of addressing 172.19.56.1 but if used the user in addressing 172.16.40.71, the authentication is good and my user can surf.

Not an expert...any help appreciated..

Thanks..

Handy Putra · ‎04-21-2015

Hi,

TCP_DENIED/407 does not necessarily there is issue with authentication, this HTTP code basically advising that the request require authentication and authentication been requested.

Does the user receive any pop up to enter their credentials? if it does, when authentication method that you are using, are you using NTLMSSP or LDAP(basic authentication)?

If your authentication method is using NTLMSSP, in working scenario, user will not be prompt up with credential pop up and depending on the surrogate use, TCP_DENIED/407 will still occurs in the logs for authentication request. If the pop up occurs, check the connection between WSA with the AD server and check if there are no error (do the testauthentication from the authentication realm in the GUI or CLI with testauthentication command)

If you are using basic(LDAP) authentication, pop up for credential is expected and TCP_DENIED/407 will still occurs and after those logs, it will show another log with user credential information in the log and normally with TCP_MISS/200 as the HTTP code