This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

reauthenticate AD user when account is locked

I´m testing out the websecurity/proxy/active directoru auth at work and...

It´s working fine with auth, problem is that we have som guest accounts that are due for 1,2,4,8 hours

from what i can tell it doesent reauthenticate aginst the AD once logged in, is that true and if so how can i get asg to reauth say every 15min and if account is locked out then he should just throw up the "log in page"

hope it makes sense!

regards /Fredde

This thread was automatically locked due to age.

0 Ölm over 16 years ago

forgot somethin:
there are two authentication caches which can produce the bahaviour you see.
A "aua cache" and a "auth cache" inside the http proxy. Both cache timeouts are 5 minutes by default, so in worst case, the can sum up to a timeout of 10 minutes.

try to set the authentication cache of the http proxy by issuing the command
"cc set http auth_cache_ttl 10" on the command line - this will set the timeout to 10 seconds (from 300 seconds default) (will void your support theoretically - but not in real)

then hit the "flush authentication cache" button in Webadmin (under Users-Authentication)

Check then whether your surf user (whose account is disabled on the AD meanwhile) is then blocked immediately.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago

Here's why I said I believe the problem you're having is an indication of a bug:
An authentication is valid for 300 seconds. During this time, other authentication requests by the same user are looked up directly in the cache. This technique takes load off backend authentication services like eDirectory.

Cheers - Bob
PS Ölm and I posted almost simultaneously.

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel