Our issue here is that when we run a policy trace on any of our AD users - it doesnt seem to pull any group information and does not match any policies either.
However if i try access an URL like www.google.ie and monitor the activity from the cli - i cann see that the user has in fact had certain policies applied to it.
Does anyone have any suggestions as to how resolve this.
Running the command testauthconfig - completes successfully.
What version of wsa are you running?
Also when typing in the username for the Policy trace include the domain name in all caps. For example. CISCO\test
The domain name needs to be all caps in order to match correctly. If that still does not work, let me know.
Customer Support Engineer
Cisco IronPort - Web Security Appliances
Cisco Technical Assistance Center RTP
United States Ironport: 1-877-641-IRON (4766)
I tried what you requested, but still no luck.
I can search for a user in the root domain and it will display policy information for that user. However if i specify a user in a subdomain i get nothing back.
Cisco support seem to be suggesting that the Policy trace utilty is useless and that i should use the cli for any tracing - which is what i have been doing.
The policy trace utilty would be handy though as its easier than deciphering the squid type logs.
Policy trace is not useless. However it is just another test. I would recommend using it as a confirmation of what you expected to happen. The real explanation of what will happen inside your box is the access-logs.
Can you take a screenshot of your test for me? Also when you say subdomains, what do you mean? Other domain names?