1 Reply Latest reply on Nov 5, 2012 7:09 AM by asabban

    Transparently authenticate User Groups and apply quota

    tericm

      Hi,

       

      New to the Webgateway product and I'm having trouble configuring transparent authentication of different user groups and applying quota times to those groups. All quota groups would have a 6 minute session time. Can someone provide an example of what a rule set would look like?

       

      I would have these groups that I would need to transparently authenticateand apply quota and sessions:

       

      Web30mins

      Web60mins

      Web90mins

       

      I have searched but I guess I'm not following some of the instructions properly. I do have success when I do the authentication test under my NTLM Authentication Method test.

       

      Thanks.

        • 1. Re: Transparently authenticate User Groups and apply quota
          asabban

          Hi Eric,

           

          do you already have authentication/authorization set up? It seems that MWG is generally able to talk to the Domain Controller, which is good. As the next step you have to tell MWG to authenticate users when they want to browse. To do so import the "Direct Proxy Authentication" rule set (or one of the other authentication rule sets if required) into your policy.

           

          Modify the rule set to use your NTLM Authentication setting, instead of user-database. When you now save the policy MWG will ask users to authenticate. If this works fine and you see usernames in the access.log you can start building rules that are based on usernames or group memberships.

           

          The properties you will most likely use are Authentication.Username and Authentication.UserGroups.

           

          To apply different Quota Settings based on Group Memberships you could import the example quota rule set three times and add a criteria "Authentication.UserGroups contains Web30mins" for the 30 minutes group, and so on. Now users will jump into different rule sets for quota depending on their group membership.

           

          This is just a very high level approach, but maybe it gives you some ideas.

           

          Best,

          Andre