2 Replies Latest reply on Jul 18, 2013 12:28 AM by NetTas

    MWG 7.3.2 - Unable to login to GUI

    NetTas

      We have very recently upgraded to 7.3.2.1 from 7.3.0.2. All went well with the excpetion that GUI Administrators can no longer use the GUI.

       

      There are some administrator accounts existing on the local UserDatebase - these users are able to connect to the WebGateway GUI

       

      However most other administrators connect using their Authenticated NTLM credentials.

       

      If you are a member of an Active Directory Global Group on a Domain that is authenicated to the Web Gateway appliances, and that Domain\Group is associated with a WebGateway Role, then we have been able to login to GUI using Domain\UserID and have the permissions associated with the role.

       

      This stopped last night - considering there are 100's of administrators using the Web Gateway cluster that authenticate this way - well we have a problem.

       

      The screen shot below shows when I test the user in CORE Domain, the "Authentication Test Results" show the User to be a member of "CORE\under test group".

      Even though  "CORE\under test group" is associated with the "Super Administrator" Role, the  "Authentication Test Results" indicates to Role is not Mapped.

      ntlm(1).png

       

      I have created a work request with McAfee who are investigating this issue as I type - they are been very supportive and doing an excellent job.

      It may be something at our end - but just in case this is for the community's imformation.

       

       

      Andrew G

        • 1. Re: MWG 7.3.2 - Unable to login to GUI

          I've heard about this before. I'm not sure if it was on communities or internal, but you have to use a double backslash.

           

          Capture.png

          • 2. Re: MWG 7.3.2 - Unable to login to GUI
            NetTas

            Thanks for the info above eelsasser - could not seem to make that suggestion work - but I'm Tasmanian after all.

             

            However, McAfee support have provided a work-around - basically remove the Domain reference in the "Authentication Server Group => Role Mapping" section. ie. using above diagram -

            "CORE\under test group => Super Administrator" becomes "under test group => Super Administrator"

             

            All now works a treat. This will be addressed with the next update by McAfee

             

            Can I say how impressed I was with the level of support and enthusiasm from the McFee Support Team.

             

            Andrew G