"WWW_AUTH_REQUIRED"

jilahbg · ‎02-09-2011

Hello

I am doing a new implementation of WSA and have problem allowing access for guest users. The WSA authenticates domain users towards AD and as long as the user ahtenticates I can build policies depending on group membership. But I want also unauthenticated users some internet access. This is the policies I´ve built, just for testing

Order 1: Domain admins, member of group Domain Admins. identity: AD. Block one url category just for testing.

Order 2: authenticated users. Identity: AD. Somewhat tweaked policies for testing.

Order 3: "Faild authentications". identity: All. Guest Privileges for users failing authentication. Block most categories.

Global Policy.

When I fire up a browser in a non-domain-member-PC I get a login-prompt for username/password. (Can I get rid of that for guests?) and if I Escape out of that authentication I get an "WWW_AUTH_REQUIRED" error message from WSA.

What am I doing wrong here?

/Jimmy

jowolfer · ‎02-09-2011

The problem is most likely that the browser doesn't trust the WSA in order to send credentials transparently.

This is most commonly due to one of the following conditions:

The transparent redirect hostname is a FQDN instead of a single word hostname. This is configured at: GUI -> Network -> Authentication
You're using FF and you haven't changed the about:config -> network.automatic-ntlm-auth.trusted-uris to include the transparent redirect hostname

The browser has to trust the WSA in order to send the local machines credentials and then fail to guest policies.

Cheers,

Josh