Tag: Digest access authentication
How is Authentication Required different from Access Denied
issues setting up second management server
first management server is using embedded database.
installing symantec endpoint on second server, selecting option to install additional management server to existing site.
when I get to Database Server Authentication I have two options, SQL server authentication, and Windows Authentication.
tried windows authentication but no go, and tried SQL server authentication and it fails as well, error 11501.
notes show username for DB is DBA, and we have notes for the password, but not sure of the database name, it defaults to sem45.
how can I verify the correct database name for an embedded database on the other server?
7023548: How to Set up a Multi-Tenant System on SMG
Server name: The name this server will use.
Connection address: The IP address of this server.
Description: An optional field to describe this server.
System key: (Optional) The system key is a unique value, shared across all servers, that is used to secure your Secure Messaging Gateway system. Due to its sensitive nature, it is not stored in the system database.
Typically, leave this entry blank, and an existing gwavaman program will be contacted to acquire the key during the validation step.
If the validation process cannot obtain this key from another server, you will need to access the config/system.xml file inside the Secure Messaging Gateway directory on an existing server and enter the <privatekey> entry here manually.
Please note that entering an invalid key will cause secure data to be incompatible between servers and will very likely lead to system instability.
DB server address: The address of the database server: either the first Secure Messaging Gateway server or another designated postgres server.
DB name: The name of the database (default is SecureGateway).
DB user name: The username for the database (default is postgres).
DB password: The password for the database (default is postgres).
Validating security code only
To authenticate users in VIP service, the enterprise gateway will forward the username and password to the AD/LDAP server and the security code will be forwarded to VIP services for validation.
If I wanted to only validate the security code (without username and password) using only the enterprise gateway and validation server, will this work?
What will be the configuration steps?
Proxy needs to reauthenticate HTTPS sessions on policy install
I’m seeing an issue with ASG policy that I haven’t come across before.
This is an explicit proxy deployment with IWA authentication, category/site based exceptions. We see that when any policy is saved, any users with active intercepted HTTPS connections are presented with browser authentication popups. Policy traces show that despite the connection being authenticated at the CONNECT command, and intercepted requests prior to the policy update being processed against the authenticated user, following the policy update the requests fail due to authentication required. The proxy does its best to authenticate by sending an HTTP status 401 (can’t do a 407 proxy auth within an existing HTTPS tunnel). We can prevent the auth popups with some policy to say “do not authenticate SSL proxy requests”, but then we need to blow a hole in our policy as we cannot have any user based rules applied to HTTPS traffic.
What makes this environment a bit unusual is that we use multi-tenant policy with ‘global’ and per-tenant policy, maybe that triggers the behaviour.
But, just wanted to know if any other Knights had seen this sort of behaviour before?
To configure RSA + StoreFront Auth using nfactor
When StoreFront authentication is enabled, NetScaler authenticates users with StoreFront (via LDAP) instead of the NetScaler Gateway performing an LDAP query to an Active Directory server.
To configure two-factor authentication as RSA + StoreFront Auth, with the user name pre-filled in the second factor, follow the steps below:
Go to Advanced authentication Policies under Security –> AAA – Application traffic, create the Policy and Action Type:
- Choose Authentication Type – StoreFront Auth is Selected
- StoreFront URL – The StoreFront Server URL. This should auto-populate from the information entered in the previous screen
- Retrieve Auth Enabled Stores – This will contact the StoreFront server to retrieve the authentication endpoint for the store
- Default Authentication Group – This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
- Domain – Domain of the server that is used for authentication. If users enter a name without a domain, this parameter is added to the username in the authentication request.
To get the pre-filled user name for the second factor, we need to select the appropriate Login Schema:
Re: Networker 9.1 AuthC error
I am trying to configure the new Authc authentication for a Networker 9.1 env. The AD (LDAP) configuration part succeeds, whereas the nsrlogin test fails every time I try authenticating with an appropriate user ID and password of the configured LDAP domain. It says:
130136:nsrlogin: Please enter password:
117849:nsrlogin: Authentication library error: Unauthorized access: The username or password is incorrect
All necessary supporting packages were installed prior to the config. Both the user name and the password combination are also correct.
nsr auth c version 22.214.171.124
Any help in this is much appreciated.
7022711: Uploading files greater than 3MB fail when using the Windows Web Client (WebDAV) with Filr
Here are some possible solutions to this problem:
1. Use a 3rd party WebDAV client such as BitKinex.
2. Modify the default Filr WebDAV Authentication method from Digest to Basic authentication. This can be done from the Filr appliance’s 9443 interface under the WebDAV Authentication menu (as documented in the Filr Administration Guide).
IMPORTANT: When using Option #2, please ensure that your Filr site does NOT allow non-SSL access. Basic authentication, which passes user credentials in clear text, should only be considered as an option when using SSL (https) to connect to the Filr site. Also, after re-configuring Filr to use Basic authentication, users will need to add the mapped folder to Filr again.
ProxySG | Please help to see access logging
Please help to look at the access logging: why does authentication fail so much, with HTTP 407 errors?
Client authentication is via an IWA realm and the computer is joined to the domain.
The client can access the internet normally, but the first time it accesses a website it is very slow. You can see this in the attached file.
The attached files contain the access logging and CPL.