400 Views 4 Replies Latest reply: Oct 30, 2013 7:41 AM by kdesnayer
kdesnayer Newcomer 52 posts since
Oct 14, 2010

Oct 29, 2013 3:25 PM

Active Passport with AD

Howdy all,

 

I have looked through other posts and also opened a Ticket with McAfee. Seems all my settings are correct on the firewall to get Active Passport working with AD. I get prompted properly by the firewall for my AD login credentials. When I type in the correct credentials for a user in the External Group, I continually get prompted for my credentials. No error pops up. I can see the Firewall and AD talking using wireshark. Looks like the AD is not passing the authentication approval back to the firewall.

 

Does anyone know of any special settings that need to be set in AD to make this work? We are running Server 2008 Standard.

 

This is from the firewall log.

 

2013-10-29 15:01:26 -0400 f_http_proxy a_aclquery t_info p_trivial

pid: 60636 logid: 0 cmd: 'httpp' hostname: STIPMFW01.SECURETECHNOLOGIES.CA

user_name: (null) auth_method: failed-AD srcip: 192.168.10.180 srcport: 51121

srczone: internal protocol: 6 dstip: 192.168.10.11 dstport: 8111

dstzone: internal rule_name: <Implicit Passport - AD>

information: SKIP: rule requires authentication; client authentication failed

 

 

Cheers,


Kevin
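
A triage sketch for the audit record quoted in the post above, added here as an example (it is not part of the thread and not McAfee code): it parses records of that shape and counts failed authentications per client and rule. The field grammar and the "failed-" prefix are assumptions inferred from the single record shown, and records 2 and 3 in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample: record 1 is from the post; records 2 and 3 are made up.
SAMPLE = """\
2013-10-29 15:01:26 -0400 f_http_proxy a_aclquery t_info p_trivial
pid: 60636 logid: 0 cmd: 'httpp' hostname: STIPMFW01.SECURETECHNOLOGIES.CA
user_name: (null) auth_method: failed-AD srcip: 192.168.10.180 srcport: 51121
srczone: internal protocol: 6 dstip: 192.168.10.11 dstport: 8111
dstzone: internal rule_name: <Implicit Passport - AD>
information: SKIP: rule requires authentication; client authentication failed
2013-10-29 15:01:31 -0400 f_http_proxy a_aclquery t_info p_trivial
pid: 60636 user_name: (null) auth_method: failed-AD srcip: 192.168.10.180
rule_name: <Implicit Passport - AD> information: SKIP: rule requires authentication
2013-10-29 15:02:02 -0400 f_http_proxy a_aclquery t_info p_trivial
pid: 60636 cmd: 'httpp' srcip: 192.168.10.181 dstip: 192.168.10.11
"""

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4}) (.*)$", re.M)
# Assumption: field names are lowercase words followed by ": " and a value runs
# to the next field name, so "SKIP: rule ..." stays inside "information".
FIELD = re.compile(r"(?:^|\s)([a-z_]+): ")

def parse_records(text):
    """Return one dict per audit record; a record starts at a timestamp line."""
    heads, records = list(HEADER.finditer(text)), []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = " ".join(text[h.end():end].split())  # rejoin wrapped lines
        rec = {"time": h.group(1), "tags": h.group(2).split()}
        marks = list(FIELD.finditer(body))
        for j, m in enumerate(marks):
            stop = marks[j + 1].start() if j + 1 < len(marks) else len(body)
            rec[m.group(1)] = body[m.end():stop].strip()
        records.append(rec)
    return records

def failed_auth(records):
    """Count auth_method values starting with "failed-" (assumed failure marker)."""
    hits = Counter()
    for r in records:
        method = r.get("auth_method", "")
        if method.startswith("failed-"):
            key = (r.get("srcip"), r.get("rule_name"), method, r.get("user_name"))
            hits[key] += 1
    return hits

if __name__ == "__main__":
    print(dict(failed_auth(parse_records(SAMPLE))))
```

Grouping by source address and rule name makes a repeated prompt loop like the one described show up as a single key with a rising count.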

  • sliedl McAfee SME 535 posts since
    Nov 3, 2009
    2. Oct 29, 2013 3:49 PM (in response to kdesnayer)
    Re: Active Passport with AD

    Make sure the user is a local-user on the firewall also.  The username must exist on the firewall.

     

    Make sure you are using <None/Passport> as the authentication method in the rule and set the AD authenticator as the default (or only) authenticator to use for Passport (in the Passport section of the GUI).

     

    I would always use an IP address for the server.
