cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2804
Views
0
Helpful
7
Replies

Login Format

Daniel Stefani
Level 1
Level 1

Hi,

It is possible for users to authenticate using only the format "username" instead of "DOMAIN \ username" if the proxy asks for authentication?

Daniel Stefani

7 Replies 7

donnylee
Cisco Employee
Cisco Employee

Hi Daniel,

It is possible to authenticate using only instead of \.

regards,

-donny

Hi Donny,

How can i authenticate using only? What configuration on WSA i need to do ?

When i try to authenticate using username only, i get the follow message:

Tue Feb 28 08:54:00 2012 Info: PROX_AUTH : - : Login for user []\[sng.convidado]@[NVAO-DSTEFANI] failed due to [No such user]

sng.convidado is my username from AD Domain and NVAO-DSTEFANI is my PC.

My WSA is configured to use the scheme NTLMSSP or Basic.

regards,

Daniel Stefani

Hi Daniel,

Based on the message, you logged in using the machine name instead of the domain name.

If your OS on PC is Windows7 or Vista, the issue could be caused by the new Windows feature called "Network Connectivity Status Indicator" or NCSI. There is a knowned issue with NCSI that it will send the machine name instead of user credential when NTML authentication is required. Since the machine name is most likely not part of the domain, the authentication will fail.

There is a Microsoft KB with information about NCSI,

http://technet.microsoft.com/en-us/library/cc766017(WS.10).aspx

You may disable NCSI and try again.

regards,

Donny

Hi Donny,

The solution is simpler than I thought

My Identity  was configured to use the Authentication Scheme "NTLMSSP"  only, but when I changed to "Basic or NTLMSSP",  the proxy accepted  two authentication method : "username" only or "Domain\username".

So my problem was solved.


thank you

Daniel Stefani

Hi Daniel,

Wow! That's great!!

Sorry, I went a little bit too far before checking how you set the authentication level.

Cheers,

Donny

Thanks - I fell over the NCSI just today, couldn't figure out why a Windows 7 host suddenly started authenticating using DOMAIN\machinename instead of DOMAIN\username, and no end of reboots would change that. Disabling NCSI by changing that registry setting fixed that.

Thanks again!

Another way to deal with NCSI (assuming you want to leave it on for network awareness features) is to turn off requiring authentication for that User Agent.  The agent string is "Microsoft NCSI"