03-02-2009 08:31 AM
Off the top of my head there are a couple of things that could cause auth table entries not to get pushed:
1) If the IC believes the client machine's communication is NATed to the IC
2) If the FW does not have any defined infranet auth policies
3) If the IC auth table mapping policy is configured for dynamic (for testing, you should start out with the "always provision" setting - that is the default)
4) If no IE resource policies are defined on the IC
So first, I would say verify that the IC and the client are communicating directly (without NAT).
Second, make sure you have some infranet auth policies defined on the FW (in the FW GUI, these policies will show with a little shield icon).
Third, verify your IC configuration to make sure your resource policies and your auth table mapping policies are defined correctly.
Hope some of that helps. If not, it might be time to call JTAC.
03-11-2009 02:03 AM - edited 03-11-2009 02:10 AM
The auth table is now published to the Enforcer and everything seems to be working.
The rest to be done:
I am able to authenticate to the IC directly (by opening up IE and connecting to a specific URL on the IC) by means of using the "System Local" and "LDAP/AD" databases as authentication servers.
With regards to LDAP and RADIUS, I have a quick question:
Do I have to create a "Location Group" and "RADIUS Client" under "UAC>Network Access>Location Group" and also under "UAC>Network Access>Radius Client" for LDAP to work in conjunction with the local RADIUS (SBR) setup on the IC, for seamless authentication?
I am, however, still experiencing some problems with authenticating to the IC by means of the Odyssey client (OAC), but I think this may be a slight misconfiguration that I have done on the IC.
Ok, so all that is left for me to do now is the following:
When all this is done, I will be able to do the demo to our partner's customer as they want to see it.