cancel
Showing results for 
Search instead for 
Did you mean: 
RayP
Level 7

Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Our situation is as follows.

Downstream proxy (ISA 2006) in NLB mode configured with the "Webwasher ISA Server Proxy Chaining Plugin" connects to the upstream Web Gateway 6.8.6 build 6257 in cluster mode.

Web Mapping is configured as:

Map from:               User Name

Map via:                  map directly

Using these rules:    User-Direct-1

Within [Edit rules and options]

Extract user information from:     User defined request header

User defined meta of requested header:     X-Authenticated-Users

Checked Mapping options:

Add domain name to user name

In de reporting of the web gateway is see root domain users (domainname+username) but not of the child domains+usernames.

In the ISA logging I see both rootdomain and childdomain.

Authorisation is okay.

Regards,

Raymond

0 Kudos
8 Replies
asabban
Level 17

Re: Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Hey Raymond,

the interesting thing is what is in the access.logs of MWG. Can you probably post one line with a root User and one of a child domain User?

You can remove the URL and IP part if you like, I am mainly interested in the Username part.

Best,

Andre

0 Kudos
RayP
Level 7

Re: Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Hi Andre,

For some strange reason both users (rootdomain and childdomain) are not visible within the MWG

#src_ip - auth_user time_stamp "req_line" status_code bytes_to_client "referer" "user_agent"

172.16.2.24 - - [20/May/2010:10:02:03 +0000] "GET http://www.mcafee.com/ HTTP/1.1" 0 1040 "" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648)" 172.16.2.24 - - [20/May/2010:10:02:03 +0000] "GET http://www.mcafee.com/ HTTP/1.1" 200 149 "" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648)"

Regards,

Raymond

0 Kudos
king-ed
Level 7

Re: Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Hi RayP,

I am seeing a similar issue with 6.8.7 7306 and ISA Server 2006 running in proxy chain mode.

Here is a snip from my access.log:

172.20.1.90 - - [17/May/2010:17:17:01 +0100] "GET http://www.google.co.uk/search?hl=en%26q=MCAFEE%26meta= HTTP/1.1" 0 1189 "" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" "se" "0" "default"

Many thanks

0 Kudos
RayP
Level 7

Re: Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Hi King-ed.

What are the settings u'r using at the tabs [User Management] and [Proxies] ?

Regards,
Raymond

0 Kudos
king-ed
Level 7

Re: Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Hi Raymond,

I am using settings as suggested by McAfee support.

Proxies... Authentication:

Authentication Process: None, None

Always authenticate client: unchecked

User Management:

I am using Windows Domain Membership.

Policy Management... Web Mapping:

Mapping Options: Block request

From: Group Name, map directly - (User defined request header) X-Authenticated-Groups - Input value must exist.

Thanks

0 Kudos
RayP
Level 7

Re: Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Hi King-Ed,

I use the same settings, except the "Windows Domain Membership".

What about hte Proxy Chaining Plugin?

Include User Header:                    X-Authenticated-User

Include Group Header:                  X-Authenticated-Groups

Include Forwarded For Header:      X-Forwarded-For

Unchecked the "Do not attempt to get groups from..."

Regards,
Raymond

0 Kudos
king-ed
Level 7

Re: Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Yes mine are the same.....

ho hum!

0 Kudos
RayP
Level 7

Re: Secure Web Reporter, Usernames are (not applicable\-) of child domains.

Within [Configuration] - [Wizards] - [Reporting Configuration] i see:

-Would you like to anonymize user identities for:

     HTTP reports?                    Yes

     HTTP log files?                    Yes

It's not possible to set this from Yes to No.

When using {Apply Changes} the checkbox jumps from No to Yes.

Is that normal?

0 Kudos