12-04-2013 02:11 PM
Folks,
Following authentication problems, we've implemented two CDA servers to use for transparent user authentication.
I've configured the existing NTLM domain to use the CDA servers and allowed the RADIUS traffic through my firewall.
I've created an identity to identify users in the NTLM realm transparently and to force auth if that fails.
I've created an access policy which calls the identity above, but when I test this it's not working.
I can get intranet and internet access, but if I clear the authcache and then try to access an HTTPS site, it fails and doesn't prompt for authentication.
Does anyone know how I can verify the WSA is using the transparent auth, and why I don't get a prompt for the HTTPS site?
Thanks to anyone taking the time to reply.
12-05-2013 06:27 AM
Folks,
Anyone with any views or experiences?
12-06-2013 09:07 AM
You can set the auth log to a high logging level using the logconfig command and then tail the log while surfing. Also, you can add the variable %m to the accesslog and it will add the authentication method to the accesslog.
386349299.719 976 192.168.2.101 TCP_MISS/200 93399 GET http://www.yahoo.com/ "SSALAB\xxxxxx@SSALAB" DIRECT/www.yahoo.com text/html DEFAULT_CASE_12-SSALABXPMachinePol-SSALXPMachine-NONE-NONE-NONE-DefaultGroup
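An added example, not part of the original reply: once %m is in the accesslog, a short script can tally which authentication method each client was identified with and list HTTPS transactions logged without a user. It assumes %m is the last custom field on every line and that "-" means no username; the sample lines and mechanism strings are constructed, not captured from a device.

```python
import re
from collections import Counter, defaultdict

# Leading fields follow the accesslog line quoted in the thread. Assumption:
# %m was added as the last custom field, so it is the final token on each line.
HEAD = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+'
    r'(?P<result>\w+)/(?P<status>\d+)\s+(?P<size>\d+)\s+'
    r'(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>"[^"]*"|\S+)\s+'
    r'.*\s(?P<auth>\S+)\s*$'
)

def parse(line):
    """Return a dict of fields, or None if the line does not match."""
    m = HEAD.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["user"] = rec["user"].strip('"')
    rec["https"] = rec["method"] == "CONNECT" or rec["url"].startswith("https://")
    return rec

def mechanisms_by_client(lines):
    """Count the %m values seen per client IP."""
    seen = defaultdict(Counter)
    for rec in filter(None, map(parse, lines)):
        seen[rec["client"]][rec["auth"]] += 1
    return {ip: dict(counts) for ip, counts in seen.items()}

def https_without_user(lines):
    """HTTPS transactions logged with no username ('-' is assumed to mean none)."""
    return [(r["client"], r["url"]) for r in filter(None, map(parse, lines))
            if r["https"] and r["user"] == "-"]

# Constructed sample lines; hosts, users, policy tags and %m values are illustrative.
SAMPLE = [
    r'1700000000.100 12 192.0.2.10 TCP_MISS/200 5120 GET http://intranet.example/ "EXAMPLE\alice@EXAMPLE" DIRECT/intranet.example text/html DEFAULT_CASE_12-Pol-Id-NONE-NONE-NONE-DefaultGroup SSO_TUI',
    r'1700000001.200 80 192.0.2.10 TCP_MISS/200 900 CONNECT tunnel://www.example.com:443/ "EXAMPLE\alice@EXAMPLE" DIRECT/www.example.com - DEFAULT_CASE_12-Pol-Id-NONE-NONE-NONE-DefaultGroup SSO_TUI',
    r'1700000002.300 45 192.0.2.20 TCP_MISS/200 2048 GET http://www.example.com/ "EXAMPLE\bob@EXAMPLE" DIRECT/www.example.com text/html DEFAULT_CASE_12-Pol-Id-NONE-NONE-NONE-DefaultGroup NTLMSSP',
    r'1700000003.400 3 192.0.2.20 TCP_DENIED/403 0 CONNECT tunnel://secure.example.com:443/ - NONE/- - DEFAULT_CASE_12-Pol-Id-NONE-NONE-NONE-DefaultGroup NONE',
]

if __name__ == "__main__":
    print(mechanisms_by_client(SAMPLE))
    print(https_without_user(SAMPLE))
```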