Cisco Cisco Web Security Appliance S670 Betriebsanweisung
336
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
MyDomain\jsmith
However, if the Web Proxy uses Basic authentication for an NTLM authentication realm, then
entering the Windows domain is optional. If the user does not enter the Windows domain,
then the Web Proxy prepends the default Windows domain.
entering the Windows domain is optional. If the user does not enter the Windows domain,
then the Web Proxy prepends the default Windows domain.
Note — When the Web Proxy uses authentication with an LDAP authentication realm, ensure
users do not enter the Windows domain name.
users do not enter the Windows domain name.
Working with Failed Authentication
Sometimes users are blocked from the web due to authentication failure. The following list
describes reasons for authentication failure and remedial actions you can take:
describes reasons for authentication failure and remedial actions you can take:
• Client application cannot perform authentication. Some clients cannot perform
authentication or cannot perform the type of authentication that is required. If a client
application causes authentication to fail, you can define an Identity policy based on the
user agent and exclude it from requiring authentication. Or, you can define an Identity
policy based on a custom URL category to exclude all clients from requiring
authentication when accessing particular URLs.
application causes authentication to fail, you can define an Identity policy based on the
user agent and exclude it from requiring authentication. Or, you can define an Identity
policy based on a custom URL category to exclude all clients from requiring
authentication when accessing particular URLs.
• Authentication server is unavailable. An authentication server might be unavailable if the
network connection is broken or if the server is experiencing a problem. To avoid this
problem, configure the “Action if Authentication Service Unavailable” global
authentication setting. For more information, see “Configuring Global Authentication
Settings” on page 353.
problem, configure the “Action if Authentication Service Unavailable” global
authentication setting. For more information, see “Configuring Global Authentication
Settings” on page 353.
• Invalid credentials. When a client passes invalid authentication credentials, the Web
Proxy continually requests valid credentials, essentially blocking access to the web by
default. However, you can grant limited access to users who fail authentication. For more
information, see “Allowing Guest Access to Users Who Fail Authentication” on page 135.
default. However, you can grant limited access to users who fail authentication. For more
information, see “Allowing Guest Access to Users Who Fail Authentication” on page 135.
Note — You can configure the Web Proxy to request authentication again if an authenticated
user is blocked from a website due to restrictive URL filtering. To do this, enable the “Enable
Re-Authentication Prompt If End User Blocked by URL Category” global authentication
setting. For more information, see “Allowing Users to Re-Authenticate” on page 366.
user is blocked from a website due to restrictive URL filtering. To do this, enable the “Enable
Re-Authentication Prompt If End User Blocked by URL Category” global authentication
setting. For more information, see “Allowing Users to Re-Authenticate” on page 366.