Cisco Web Security Appliance S380 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 20 Authentication
Configuring Global Authentication Settings
NTLM Testing
The appliance performs the following steps when you test NTLM authentication settings:
1. It ensures that the specified Active Directory server is reachable and responds to queries.
2. It ensures that a DNS lookup on the Active Directory domain is successful, since the Active Directory domain must be a DNS domain name and not a WINS domain name.
3. It ensures the system time of the appliance and the system time of the Active Directory server are within three minutes of each other.
4. It validates the user credentials by generating a Kerberos ticket.
5. It validates whether the user has the proper privileges to add the Web Security appliance to the Active Directory domain.
6. It validates whether you can fetch the groups within the domain.
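Steps 2 and 3 can be checked by hand before running the test. The Python sketch below is an added example, not Cisco code and not how the appliance is documented to perform the test: it assumes the Active Directory server answers SNTP on UDP port 123 and that the script runs on a host whose clock matches the appliance's. All function names and the sample reply are constructed for illustration.

```python
import re
import socket
import struct

NTP_TO_UNIX = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_SKEW = 180             # step 3: clocks must be within three minutes
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def looks_like_dns_domain(name):
    """Step 2 heuristic: a DNS domain name has two or more valid labels,
    while a WINS (NetBIOS) domain name is a single label such as CORP."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(part) for part in labels)


def sntp_server_time(reply):
    """Return the transmit timestamp of an SNTP reply as Unix seconds."""
    if len(reply) < 48 or reply[0] & 0x07 != 4:      # mode 4 = server
        raise ValueError("not an SNTP server reply")
    seconds, fraction = struct.unpack("!II", reply[40:48])
    if seconds == 0:
        raise ValueError("server clock is not set")
    return seconds - NTP_TO_UNIX + fraction / 2**32


def clock_skew(reply, local_unix):
    """Return (skew in seconds, True if within the three-minute limit)."""
    skew = sntp_server_time(reply) - local_unix
    return skew, abs(skew) <= MAX_SKEW


def query_sntp(server, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3) and return the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(b"\x1b" + 47 * b"\x00", (server, 123))
        return sock.recvfrom(512)[0]


def constructed_reply(unix_time):
    """Build a sample server reply for offline runs (not captured traffic)."""
    return b"\x1c" + 39 * b"\x00" + struct.pack("!II", int(unix_time) + NTP_TO_UNIX, 0)


if __name__ == "__main__":
    local = 1700000000                       # constructed local clock reading
    for name in ("corp.example.com", "CORP"):
        print(name, "DNS-style" if looks_like_dns_domain(name) else "single label")
    print(clock_skew(constructed_reply(local + 200), local))   # outside the limit
```

Against a live server, pass `query_sntp(...)` and `time.time()` to `clock_skew`; network delay is ignored, which is acceptable against a three-minute limit.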
Configuring Global Authentication Settings
Some authentication settings are independent of any realm you define. For example, you can configure whether or not clients send authentication credentials to the Web Security appliance securely, even when using the Basic authentication scheme. For more information, see
.
Note: The global authentication settings you can configure change according to the Web Proxy deployment. You can configure more settings when it is deployed in transparent mode than in explicit forward mode.
Step 1: On the Network > Authentication page, click Edit Global Settings.
Step 2: Edit the settings in the Global Authentication Settings section as defined in
.
Table 20-8 Global Authentication Settings

Setting: Action if Authentication Service Unavailable
Description: Choose one of the following values:
  • Permit traffic to proceed without authentication. Processing continues as if the user was authenticated.
  • Block all traffic if user authentication fails. Processing is discontinued and all traffic is blocked.

Setting: Failed Authentication Handling
Description: When you grant users guest access in an Identity policy, this setting determines how the Web Proxy identifies and logs the user as a guest in the access logs.
For more information on granting users guest access, see