
Transparent User Authentication through AD

Created: 05 Nov 2009 • Updated: 01 Mar 2011 | 7 comments
alveden's picture
This issue has been solved. See solution.

Have configured user authentication using LDAP and NTLM, and also configured the policies to use Authentication, with "Authenticated, no enforce" on. Symantec DCInterface is installed in AD.

However, some end-users are still getting prompted on and off. Has anyone faced this problem? NTLMv1 is enabled on all clients.

Is there any way to configure this box to be truly transparent, and are there any log files that can give any clue to the authentication process? The GUI does not provide any logs at all.


Sergi Isasi's picture

Alveden,

I would recommend working with Support to get specific answers to your questions - but generally speaking you do not need both DCinterface and NTLM on.  If you've installed DCinterface, you can turn NTLM off since logins will be captured on the DC itself.

Senior Product Manager - Web Gateway

BernardoSW's picture

Hi guys,

What would SWG's behavior be if we have the DCInterface on and a machine that is not part of the domain tries to access the Internet?

Will there be a popup asking for authentication and then the user can type in his domain credentials?

Thanks,

Bernardo

Sergi Isasi's picture

Bernardo,

Depends on whether or not you enable NTLM and create an authentication policy for that IP. 

If you do not, there will be no user popup or authentication on the user side at all and a non-domain user will get the applicable IP based policy applied to them.  If no IP based policy exists for the user IP, they will get the default policy.

If you enable NTLM and choose to authenticate that user's IP, the user would get prompted if they are not already logged onto the domain.

SI

Senior Product Manager - Web Gateway

KevK76's picture

You might want to check out this KB that talks about the two methods of identifying end users:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009111011140954

 

One thing incorrect in the KB is that we are now supporting both methods on AD 2008.

Kevin

Cricket17's picture

"For more information see Chapter 6 of the Implementation guild. The guild is available here:"

I think it means GUIDE not Guild

Sergi Isasi's picture

Hah - good catch.  I'll have it changed.  Maybe the article author had World of Warcraft on the mind ;).

Senior Product Manager - Web Gateway