WSA active directory authentication with 3 servers

betcheverria · ‎04-11-2012

I would like to know hos NTLM authentication works when The NTLM REALM is cofigured with 3 servers.

- Is the authentication load balanced on the 3 servers.or only on one

-If the authentication is rejected by the first server what happens ?

-How WSA know that a server is down

Chris Illsley · ‎04-11-2012

Hi,

I don't know if it is load balanced, but my guess is probably not and it would try sequentially.

Assuming this is one realm, if the authentication is rejected it will be rejected, but you wouldn't expect different AD servers in the same realm to behave differently anyway.

See below from documentation:

"Note: When multiple authentication servers are configured in the realm, the appliance attempts to authorize with up to three authentication servers before failing to authorize the transaction within this realm."

It's after this when you want to decide if the IronPort should fail open or fail closed.

Thanks

Chris

betcheverria · ‎04-12-2012

Bonjour,

Thanks for your help

Bernard

WSA active directory authentication with 3 servers

ISE - Active Directory Identity Source

3.5 Active Directory Identity Source

Integração Cisco ISE + Active Directory

ASA - Active Directory(LDAP)連携の設定例

Configure SSL VPN Authentication through FTD, ISE, DUO and Active Directory