• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

authenication question

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Cache] >> Web Proxy Client >> authenication question Page: [1]
Login
Message << Older Topic   Newer Topic >>
authenication question - 28.Apr.2003 5:40:00 PM   
deyster

 

Posts: 84
Joined: 8.Jan.2002
From: Pennsylvania
Status: offline
Every so often a user complains about being prompted to enter in there credentials to access a web page. This happened today to my manager (not good), but I remember his password was set to expire today.

Is it possible that he started to get the prompt to enter in his credentials because of his password expiring today?

Dan
Post #: 1
RE: authenication question - 29.Apr.2003 1:08:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Dan,

Yes.

HTH,
Tom

(in reply to deyster)
Post #: 2
RE: authenication question - 14.May2003 10:48:00 PM   
lemonwater925

 

Posts: 417
Joined: 22.Mar.2001
From: North of the 49th
Status: offline
Shocking but that is the way it works. Brought this up with the ISA development team and they promised to look at it.

Seems that when ISA checks your credentials against the DC when your time is up it is up. If you logon to a domain and your password expires during the session you only get prompted the next time you logon. Seems that the ISA team was not on the same page as the desktop team.

Is a real pain but, when our help desk gets a call first thing they tell them to do is change their password and try again. Fixes it most of the time.

(in reply to deyster)
Post #: 3
RE: authenication question - 15.May2003 4:04:00 AM   
Guest
I don't know if it is shocking or good. We've got some people who never shut down so they always miss the 15-day expiration warning and get prompted for ISA credentials. The first thing I do to troubleshoot is double-click on a network share and it tells me their password is expired.

(in reply to deyster)
  Post #: 4
RE: authenication question - 4.Sep.2003 9:38:00 PM   
pierreo

 

Posts: 12
Joined: 5.Apr.2002
Status: offline
I would like to replace this credentail prompt by a warning message explaining the situation to the user. Is it possible?

(in reply to deyster)
Post #: 5
RE: authenication question - 5.Sep.2003 7:04:00 AM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
pierre: No, but you could edit the file in errorhtmls to indicate that this may be a possible reason. errmm... 407 I think it is. That way if the user keeps entering credentials or gives up they'll eb shown the ISA page and it includes some helpful information on why!

Ray: You could enforce logon times in NT/AD so a user is essentially kicked out when time expires basically forcing them to relogon...

(in reply to deyster)
Post #: 6
RE: authenication question - 30.Sep.2003 3:29:00 PM   
gtlscot

 

Posts: 10
Joined: 29.Jun.2003
Status: offline
We have a had a similar problem reported by one of our directors. Everytime he attempts to access the web he is asked for authentication. However, his account is not locked out or ready to expire. Access to the web is controlled in by membership of domain users group. All staff not requiring access to the internet are in a nointernet group. This user is not a member of the group.

Really struggling with this one.

Regards

Graeme Lockhart

(in reply to deyster)
Post #: 7
RE: authenication question - 1.Oct.2003 2:14:00 AM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
What's reported in your webdyyyymmdd.log Graeme?
Provided logging of all fields is turned on the logfile will tell you what rules were used to allow/deny a request.

(in reply to deyster)
Post #: 8
RE: authenication question - 1.Oct.2003 9:21:00 AM   
gtlscot

 

Posts: 10
Joined: 29.Jun.2003
Status: offline
The log files reference 12209 errors stating the user is not authenticated. I have now changed our log settings to log rules 1 and 2. Will report back when I contact the user and gain more information.

Regards

(in reply to deyster)
Post #: 9
RE: authenication question - 2.Oct.2003 3:17:00 PM   
gtlscot

 

Posts: 10
Joined: 29.Jun.2003
Status: offline
Problem solved. As this was the only reported inicident we re-created the users profile. Hey presto success.

Thanks everyone

(in reply to deyster)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Cache] >> Web Proxy Client >> authenication question Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts