Something strange is happening.
I am evaluating the employment of IAS (w2k Advanced Server) and user's profiles for Surf Protection, according to the description of Astaro Sacurity Linuux V4 User's Guide (27.02.2003).
I defined a windows group (DealingGroup) to which a windows user belongs (luis) to that group.
I defined the rule "Financial/Banking Access Rules" that contains two conditions: "NAS-Identifier = FinancialSites" and that Windows-Group = OOB\DealingGroup.
When the user "luis" tries to be authenticated with the proxy, this it refuses him the access requesting the password again
Revising the logs of the system (Computer Management -> SystemTools -> Event Viewer -> System) and I met with the following thing: for each authentification action, they take place (in my case) two events. In the first of them, the result is successful:
User luis was granted access.
Fully-Qualified-User-yam = OOB\luis
NAS-IP-Address =
NAS-Identifier = FinancialSites
Client-Friendly-yam = ASL4
Client-IP-Address = 10.1.0.73
NAS-Port-Type =
NAS-Port =
Policy-yam = Financial/Banking Access Rules
Authentication-Type = PAP
EAP-Type =
while in the second event is failed:
User luis was denied access.
Fully-Qualified-User-yam = OOB\luis
NAS-IP-Address =
NAS-Identifier = http
Called-Station-Identifier =
Calling-Station-Identifier =
Client-Friendly-yam = ASL4
Client-IP-Address = 10.1.0.73
NAS-Port-Type =
NAS-Port =
Policy-yam =
Authentication-Type = PAP
EAP-Type =
Reason-Code = 48
Reason = The user's information did not match to Remote Access Policy.
It would seem that for each intent of authenticating an user, the proxy proves with each one of Surf Protection profile using it's profile name.
The fact is that proxy should stop this process as soon as an OK received and doesn't make it.
Somebody can help me!
Thanks a lot,
jacas
This thread was automatically locked due to age.
