Cisco Web Security Appliance S170 User Guide
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Authentication Problems
LDAP Problems
LDAP User Fails Authentication due to NTLMSSP
LDAP servers do not support NTLMSSP. Some client applications, such as Internet Explorer, always
choose NTLMSSP when given a choice between NTLMSSP and Basic. When all of the following
conditions are true, the user will fail authentication:
• The user only exists in the LDAP realm.
• The Identification Profile uses a sequence that contains both LDAP and NTLM realms.
• The Identification Profile uses the “Basic or NTLMSSP” authentication scheme.
• A user sends a request from an application that chooses NTLMSSP over Basic.
Reconfigure the Identification Profile, the authentication realm, or the application so that at least one
of the above conditions is false.
LDAP Authentication Fails due to LDAP Referral
LDAP authentication fails when all of the following conditions are true:
• The LDAP authentication realm uses an Active Directory server.
• The Active Directory server uses an LDAP referral to another authentication server.
• The referred authentication server is unavailable to the Web Security appliance.
Workarounds:
• Specify the Global Catalog server (default port is 3268) in the Active Directory forest when you
configure the LDAP authentication realm in the appliance.
• Use the advancedproxyconfig > authentication CLI command to disable LDAP referrals. LDAP
referrals are disabled by default.
Basic Authentication Problems
Basic Authentication Fails
AsyncOS for Web only supports 7-bit ASCII characters for passphrases when using the Basic
authentication scheme. Basic authentication fails when the passphrase contains characters that are not
7-bit ASCII.
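Added example, not part of the Cisco guide: a small Python check that takes the value of a captured Basic Authorization or Proxy-Authorization header and reports whether the passphrase contains bytes outside 7-bit ASCII, returning only byte offsets so the passphrase itself is never echoed. The function names, the user "jdoe" and the sample passphrases are constructed for illustration.

```python
import base64
import binascii


def audit_basic_header(header_value: str) -> dict:
    """Inspect a Basic (Proxy-)Authorization header value for passphrase
    bytes outside 7-bit ASCII. Only offsets are returned, never the secret."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return {"ok": False, "reason": "not a Basic credential"}
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return {"ok": False, "reason": "invalid base64"}
    # RFC 7617: user-id and password are separated by the FIRST colon,
    # so a passphrase may itself contain colons.
    user, sep, passphrase = raw.partition(b":")
    if not sep:
        return {"ok": False, "reason": "missing ':' separator"}
    bad = [i for i, b in enumerate(passphrase) if b > 0x7F]
    return {
        "ok": not bad,
        "reason": "passphrase is 7-bit ASCII" if not bad
                  else "passphrase has bytes outside 7-bit ASCII",
        "user": user.decode("ascii", "replace"),
        "passphrase_length": len(passphrase),   # length in bytes
        "non_ascii_offsets": bad,               # byte offsets in passphrase
    }


def make_header(user: str, passphrase: str, charset: str = "utf-8") -> str:
    """Build a constructed sample header the way a client would encode it."""
    blob = f"{user}:{passphrase}".encode(charset)
    return "Basic " + base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real system.
    for pw in ("Spring-2024!", "Frühling-2024!"):
        print(audit_basic_header(make_header("jdoe", pw)))
```

The same character produces different offsets depending on the client's encoding (two bytes in UTF-8, one in ISO-8859-1); either way the passphrase is not 7-bit ASCII.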