User identifcation gaps

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User identifcation gaps

Not applicable

We have an AD account for which we restrict all Internet access via a user-based security rule. The account is an auto-logon account for certain kiosk-type machines in our environment. I'm finding that the username being used on the machine is not always recognized by PA, and as a result Internet traffic is being allowed. There are other times when it recognizes that account and properly blocks Internet access.

Does anyone know why there are times that the username is not known to PA, and is there anything I can do to fix that?

Thanks

3 REPLIES 3

L4 Transporter

Bit of a 'how long is a piece of string question' I'm afraid, so many factors!

However - hopefully a bit more useful - one issue I found that could result in mapped users being 'lost' was enabling the 'Server Session' tracking in the agent.  Not sure why specifically, but if this check returns a user mapping that does *not* tally with the currently mapped users the agent 'resets' the node so it doesn't have either account associated.

The next time some device activity raises an AD event entry the user account is rermapped, but this does cause periods where no user is known for the device, which sounds like it could be what you're seeing?

Try playing with the timeouts, settings etc; or enable transparent NTLM auth for that source IP so it will perform an interactive authentication as that way it will force a background authentication when the kiosk machine connects to the web and should block it.

Thanks very much! I'll look into those suggestions....

Also enabling WMI and disable NETBIOS seems to be recommended (given that your clients provides a WMI interface for the server running your userid agent).

  • 2390 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!