I am used to the incredibly verbose log messages that I get for Web Filtering with EDirectory SSO. The Web Filtering live log fills with pass/block messages that show the username / IP / Proxy Profile and Filter Action.
When there is trouble, there are good messages in the User authentication daemon. ie:
2012:10:03-16:20:22 astaro-1 aua[25923]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="192.168.14.175" user="asdf" caller="http" engine="edirectory-sso"
2012:10:03-16:20:23 astaro-1 aua[25926]: id="3006" severity="info" sys="System" sub="auth" name="Trying 172.xx.xx.xx (edirectory)"
2012:10:03-16:20:23 astaro-1 aua[25926]: id="3006" severity="info" sys="System" sub="auth" name="Authentication failed" srcip="172.16.224.18" user="172.16.224.18" caller="http" reason="DENIED"
In the first message you can see a logon request where the username is correctly passed to the ASG. In the third message, you can see how it wasn't, and ASG is trying to authenticate the IP address.
The problem that I'm having, is that I can't easily see failed logon requests that are AD-SSO. I recently had an issue where a machine was trying to log on with the computer account, and couldn't easily see it in the ASG logs. I ended up with a packet capture that showed the web proxy request with an NTLM logon tacked on to the packet (As opposed to a proxy request with a plain text user/password when using eDirectory).
The ASG evaluated the web rights of the computer account and applied the default policy, since the computer account doesn't have any web rights.
Are there some logs that I'm missing that verbosely show Active Directory logons?
This thread was automatically locked due to age.
