Transparent User Authentication through AD
Updated: 01 Mar 2011 | 7 comments
This issue has been solved. See solution.
Have configured user authentication using LDAP and NTLM, and also configured the policies to use Authentication, with "Authenticated, no enforce" on. Symantec DCInterface is installed in AD.
However, some end-users are still getting prompted on and off. Has anyone faced this problem? NTLMv1 is enabled on all clients.
Is there any way to configure this box to be truly transparent, and are there any log files that can give any clue to the authentication process? The GUI does not provide any logs at all.
Comments
Alveden,
I would recommend working with Support to get specific answers to your questions - but generally speaking you do not need both DCinterface and NTLM on. If you've installed DCinterface, you can turn NTLM off since logins will be captured on the DC itself.
Senior Product Manager - Web Gateway
Behavior for non-domain machines
Hi guys,
What would SWG's behavior be if we have the DCInterface on and a machine that is not part of the domain tries to access the Internet?
Will there be a popup asking for authentication and then the user can type in his domain credentials?
Thanks,
Bernardo
Bernardo,
Depends on whether or not you enable NTLM and create an authentication policy for that IP.
If you do not, there will be no user popup or authentication on the user side at all and a non-domain user will get the applicable IP based policy applied to them. If no IP based policy exists for the user IP, they will get the default policy.
If you enable NTLM and choose to authenticate that user's IP, the user would get prompted if they are not already logged onto the domain.
SI
Senior Product Manager - Web Gateway
Differences between NTLM and DC Interface
You might want to check out this KB that talks about the two methods of identifying end users:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009111011140954
One thing incorrect in the KB is that we are now supporting both methods on AD 2008.
Kevin
Typo in the document KevK76 referenced
"For more information see Chapter 6 of the Implementation guild. The guild is available here:"
I think it means GUIDE not Guild
Hah - good catch. I'll have it changed. Maybe the article author had World of Warcraft on the mind ;).
Senior Product Manager - Web Gateway
please try this