Cisco Cisco Web Security Appliance S380 Betriebsanweisung
20-18
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 20 Authentication
Configuring Global Authentication Settings
NTLM Testing
The appliance performs the following steps when you test NTLM authentication settings:
1.
It ensures that the specified Active Directory server is reachable and responds to queries.
2.
It ensures that a DNS lookup on the Active Directory domain is successful since the Active
Directory domain must be a DNS domain name and not a WINS domain name.
Directory domain must be a DNS domain name and not a WINS domain name.
3.
It ensures the system time of the appliance and the system time of the Active Directory server are
within three minutes of each other.
within three minutes of each other.
4.
It validates the user credentials by generating a kerberos ticket.
5.
It validates whether the user has the proper privileges to add the Web Security appliance to the
Active Directory domain.
Active Directory domain.
6.
It validates whether you can fetch the groups within the domain.
Configuring Global Authentication Settings
Some authentication settings are independent of any realm you define. For example, you can configure
whether or not clients send authentication credentials to the Web Security appliance securely, even when
using Basic authentication scheme. For more information, see
whether or not clients send authentication credentials to the Web Security appliance securely, even when
using Basic authentication scheme. For more information, see
.
Note
The global authentication settings you can configure changes according to the Web Proxy deployment.
You can configure more settings when it is deployed in transparent mode than in explicit forward mode.
You can configure more settings when it is deployed in transparent mode than in explicit forward mode.
Step 1
On the Network > Authentication page, click Edit Global Settings.
Step 2
.
Table 20-8
Global Authentication Settings
Setting
Description
Action if Authentication
Service Unavailable
Service Unavailable
Choose one of the following values:
•
Permit traffic to proceed without authentication. Processing
continues as if the user was authenticated.
continues as if the user was authenticated.
•
Block all traffic if user authentication fails. Processing is
discontinued and all traffic is blocked.
discontinued and all traffic is blocked.
Failed Authentication
Handling
Handling
When you grant users guest access in an Identity policy, this setting
determines how the Web Proxy identifies and logs the user as a guest
in the access logs.
determines how the Web Proxy identifies and logs the user as a guest
in the access logs.
For more information on granting users guest access, see