I have looked through other posts and also opened a ticket with McAfee. Seems all my settings are correct on the firewall to get Active Passport working with AD. I get prompted properly by the firewall for my AD login credentials. When I type in the correct credentials for a user in the External Group, I continually get prompted for my credentials. No error pops up. I can see the firewall and AD talking using Wireshark. Looks like the AD is not passing the authentication approval back to the firewall.
Does anyone know of any special settings that need to be set in AD to make this work? We are running Server 2008 Standard.
This is from the firewall log.
2013-10-29 15:01:26 -0400 f_http_proxy a_aclquery t_info p_trivial
pid: 60636 logid: 0 cmd: 'httpp' hostname: STIPMFW01.SECURETECHNOLOGIES.CA
user_name: (null) auth_method: failed-AD srcip: 192.168.10.180 srcport: 51121
srczone: internal protocol: 6 dstip: 192.168.10.11 dstport: 8111
dstzone: internal rule_name: <Implicit Passport - AD>
information: SKIP: rule requires authentication; client authentication failed
also, if anyone can confirm the following setting on the firewall.
When creating the Windows authenticator, I am creating a new Windows domain controller, and am asked to enter the IP address and Name (Windows Domain Controller Name)...
Do I use the host name here, or the fully qualified domain name, or just the domain?
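The audit record quoted above is the thing to watch while troubleshooting this: every re-prompt the user sees should leave one more a_aclquery record with auth_method failed-AD from the same srcip. The following parser is an added example, not from the original post or from McAfee; it splits Firewall Enterprise audit output into records using only the field names visible in the post, and counts failed Passport authentications per client so that a re-prompt loop (or, on a defender's side, password guessing against the Passport rule) stands out. The extra records in SAMPLE_LOG are constructed for the example; the success-case value of auth_method is not shown in the post, so nothing here assumes it.

```python
import re
from collections import defaultdict

# Field names seen in the Firewall Enterprise audit record in the post. These
# are the only keys the parser knows; anything else stays part of the
# preceding value (which keeps "SKIP:" inside the information field intact).
FIELDS = ("pid", "logid", "cmd", "hostname", "user_name", "auth_method",
          "srcip", "srcport", "srczone", "protocol", "dstip", "dstport",
          "dstzone", "rule_name", "information")

# Record header: timestamp with UTC offset, then area, event, type, priority.
_HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<area>\S+) (?P<event>\S+) (?P<type>\S+) (?P<priority>\S+)$")
_KEYS = "|".join(FIELDS)
# "key: value" pairs; a value runs until the next known key or end of line.
_FIELD = re.compile(rf"(?P<key>{_KEYS}): (?P<val>.*?)(?= (?:{_KEYS}): |$)")

# Constructed sample: the record from the post, two more constructed failures
# from the same client a few seconds later, and one constructed failure from
# a different client that stays below the threshold.
SAMPLE_LOG = """\
2013-10-29 15:01:26 -0400 f_http_proxy a_aclquery t_info p_trivial
pid: 60636 logid: 0 cmd: 'httpp' hostname: STIPMFW01.SECURETECHNOLOGIES.CA
user_name: (null) auth_method: failed-AD srcip: 192.168.10.180 srcport: 51121
srczone: internal protocol: 6 dstip: 192.168.10.11 dstport: 8111
dstzone: internal rule_name: <Implicit Passport - AD>
information: SKIP: rule requires authentication; client authentication failed
2013-10-29 15:01:31 -0400 f_http_proxy a_aclquery t_info p_trivial
pid: 60636 logid: 0 cmd: 'httpp' hostname: STIPMFW01.SECURETECHNOLOGIES.CA
user_name: (null) auth_method: failed-AD srcip: 192.168.10.180 srcport: 51123
srczone: internal protocol: 6 dstip: 192.168.10.11 dstport: 8111
dstzone: internal rule_name: <Implicit Passport - AD>
information: SKIP: rule requires authentication; client authentication failed
2013-10-29 15:01:40 -0400 f_http_proxy a_aclquery t_info p_trivial
pid: 60636 logid: 0 cmd: 'httpp' hostname: STIPMFW01.SECURETECHNOLOGIES.CA
user_name: (null) auth_method: failed-AD srcip: 192.168.10.180 srcport: 51130
srczone: internal protocol: 6 dstip: 192.168.10.11 dstport: 8111
dstzone: internal rule_name: <Implicit Passport - AD>
information: SKIP: rule requires authentication; client authentication failed
2013-10-29 15:05:02 -0400 f_http_proxy a_aclquery t_info p_trivial
pid: 60636 logid: 0 cmd: 'httpp' hostname: STIPMFW01.SECURETECHNOLOGIES.CA
user_name: (null) auth_method: failed-AD srcip: 192.168.10.44 srcport: 40211
srczone: internal protocol: 6 dstip: 192.168.10.11 dstport: 8111
dstzone: internal rule_name: <Implicit Passport - AD>
information: SKIP: rule requires authentication; client authentication failed
"""


def parse_audit(text):
    """Split multi-line audit output into one dict per record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _HEADER.match(line)
        if m:
            records.append(dict(m.groupdict()))
        elif records:
            # Continuation line: merge its key/value pairs into the open record.
            for f in _FIELD.finditer(line):
                records[-1][f.group("key")] = f.group("val")
    return records


def failed_passport_auth(records):
    """Records where a rule required authentication and the attempt failed."""
    return [r for r in records
            if r.get("auth_method", "").startswith("failed-")]


def repeated_failures(records, threshold=3):
    """Source IPs with at least `threshold` failed authentications.

    A re-prompt loop like the one in the post shows up here, and so does
    repeated guessing against a Passport rule, which is why it is worth
    alerting on in either case.
    """
    counts = defaultdict(int)
    for r in failed_passport_auth(records):
        counts[r["srcip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_audit(SAMPLE_LOG)
    print(f"{len(recs)} records, "
          f"{len(failed_passport_auth(recs))} failed Passport authentications")
    for ip, n in repeated_failures(recs).items():
        print(f"{ip}: {n} consecutive failed-AD attempts on "
              f"{recs[0]['rule_name']}")
```

The value-boundary lookahead in _FIELD is the important design choice: a naive split on "word:" would cut the information field at "SKIP:", so the parser only recognises the field names the firewall actually emits. When running this against a real audit export, feed it the raw text of the records rather than a reformatted copy, since the header line is what starts each record.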
Make sure the user is a local-user on the firewall also. The username must exist on the firewall.
Make sure you are using <None/Passport> as the authentication method in the rule and set the AD authenticator as the default (or only) authenticator to use for Passport (in the Passport section of the GUI).
I would always use an IP address for the server.
Can you confirm what goes here next to Windows Domain Controller Name: as I am getting different answers depending on who I talk to...
Message was edited by: kdesnayer on 10/30/13 7:27:50 AM CDT