The MACs are using AD authentication but if I use the Safari browser the end user is prompt for their username/password every time they go to a different web page. Safary does not work with NTLM. If we run Firefox or Opera, it works fine because the browser sends the AD credentials in the background to the WSA.
Unfortunately, 95% of the MAC users use Safari.
With 7.5, you can choose to use the ADAgent. its a separate piece of software that gets the login events from the domain controllers and feeds them to the WSA (and ASA running 8.4). That way, the user is id'd at login, not at first browse. No login prompt for anyone, regardless of browser. We have some software at checks for licensing over the net that we couldn't add to the " don't auth " set, so we had the users just open a browser first... not an issue, the user is already authed.
it does have some limits. 8 machines/per user at any one time. Multiple users on a machine (e.g. Citrix) shows up as the last user that logged in... but it fixes a bunch of other stuff.
Sent from Cisco Technical Support iPad App
This is great info Ken, it will fix a bunch of stuff. Do you know if that Cisco ADAgent needs to be purchased or can be downloaded by existing IronPort customers?
So, the rumor is that 7.5 will be available by the end of March, right?