NTLM-Agent authentication issues

Hello,

We are using 2 ntlm-agents (last available version) to perform authentication in our Proxy-HA environment. Although we have set Authentication Cache and Ntlm Cache both to 30min, it looks like every request performs authentication against each of the ntlm-agents. NTLM-agent itself is also configured with 30min cache.

[Screenshot: auth.PNG]

After performing auth twice (once per ntlm-agent), variable Authentication.Authenticate is set to true and the content is displayed.

[Screenshot: Auth2.PNG]

Is this the supposed behaviour? Shouldn't it skip those authentications as cache is enabled everywhere possible?

Thank you in advance,

maitane

5 Replies
McAfee Employee smasnizk
Message 2 of 6

Re: NTLM-Agent authentication issues

Maitane,

This is expected, as any request needs to be authenticated. Please find below the description from the Product Guide:

Enable NTLM cache:

When selected, NTLM authentication information is stored in this cache. Authentication is then based on this stored information, rather than on information retrieved from the Windows domain server.

Use authentication cache

When selected, authentication information is stored in a cache. Authentication is then based on this stored information, rather than on information retrieved from an authentication server or the internal user database.

-Sergej

P.S.: These two authentication entries are related to the NTLM handshake, not to your agents; please see more details in this article
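The NTLM handshake mentioned in the reply above, as an added example that is not part of the thread and not McAfee code: NTLM over an HTTP proxy carries three messages (NEGOTIATE, CHALLENGE, AUTHENTICATE) in the `Proxy-Authorization` and `Proxy-Authenticate` headers, and this sketch labels each leg by decoding the token's type field. The header values, the sample exchange and the helper names are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def ntlm_message_type(header_value):
    """Name the NTLM message in a Proxy-Authenticate / Proxy-Authorization
    value; returns None for a bare "NTLM" (scheme advertised, no token)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header value")
    if not token.strip():
        return None
    raw = base64.b64decode(token.strip(), validate=True)
    if len(raw) < 12 or not raw.startswith(NTLMSSP_SIGNATURE):
        raise ValueError("malformed NTLMSSP token")
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian type field
    if msg_type not in MESSAGE_TYPES:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    return MESSAGE_TYPES[msg_type]


def label_exchange(exchange):
    """Map (sender, status_or_method, header_value) legs to NTLM labels."""
    labelled = []
    for sender, status, value in exchange:
        label = ntlm_message_type(value) if value is not None else None
        labelled.append((sender, status, label))
    return labelled


def _constructed_token(msg_type):
    # Constructed sample: signature + type + zero padding, not a full message.
    body = NTLMSSP_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 20
    return "NTLM " + base64.b64encode(body).decode("ascii")


# Constructed exchange for one connection: the proxy answers 407 twice
# before the request carrying the AUTHENTICATE message is let through.
SAMPLE_EXCHANGE = [
    ("client", "GET", None),
    ("proxy", "407", "NTLM"),
    ("client", "GET", _constructed_token(1)),
    ("proxy", "407", _constructed_token(2)),
    ("client", "GET", _constructed_token(3)),
    ("proxy", "200", None),
]

if __name__ == "__main__":
    for leg in label_exchange(SAMPLE_EXCHANGE):
        print(leg)
```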

Re: NTLM-Agent authentication issues

How long will the entries be stored in the cache?

McAfee Employee smasnizk
Message 4 of 6

Re: NTLM-Agent authentication issues

For the time period configured in "Authentication cache TTL" and "NTLM cache TTL".

-Sergej

Re: NTLM-Agent authentication issues

Does TTL mean time after first appearance or after last?

Is it possible to dump the current cache values?

The 3-way handshake between client and proxy must be done for each request.

These values are only for caching the requests to the AD server???

McAfee Employee smasnizk
Message 6 of 6

Re: NTLM-Agent authentication issues

Frank,

You're right, these values are to reduce the traffic and requests sent to your AD. This detailed information will bring some light in the dark:

For the TTL start time I expect the first request. Based on my information it would otherwise never expire.

-Sergej
