After configuring LDAP in Symantec Web Gateway (SWG), User information is partially populating in Reports. The top departments by hits is 100% of items are reporting 100% not authenticated.

book

Article ID: 178135

calendar_today

Updated On:

Products

Web Gateway

Issue/Introduction

How do you get the detailed user information in this reports.

Symptoms
An LDAP source is configured and consistently tests successful.
  • Authentication is setup and enabled, either NTLM or DCinterface.
  • SWG monitors traffic for several hours after the LDAP configuration was completed.
  • Top Departments by Hits reports Not Authenticated 100%
  • Top Users by Hits list contains a list of users names.


Resolution


This issue is resolved in dcinterface version 4_5_3. If you are not able to immediately upgrade to dcinterface_4_5_3, then you can workaround this behavior by clearing the LDAP cache (see below).
  1. Update SWG or CIU to version 4.5.2.72
  2. After the unit restarts, navigate to the Administration> Configuration> Authentication page of the web interface.
  3. Click "Download domain controller interface software" to download dcinterface_4_5_3
  4. Uninstall dcinterface from each machine where it is currently installed.
  5. Reinstall dcinterface using the 4_5_3 install material.




To clear LDAP cache
  1. Navigate to the Administration> Configuration> Authentication page of the web interface.
  2. Set the "Age out login entries after" to 0
  3. Click Save.

    The reports should start showing authenticated connections right away.
  4. After a few minutes set the value back to the previous value.

    Returning this value to either the default or previous value will reduce numbers the Domain Controller needs to handle.



References

Title: Release Notes for Symantec Web Gateway
URL: http://service1.symantec.com/support/ent-gate.nsf/docid/2009100714200254



Technical Information

If you have dcinterface_4_5_3 or later, you may also see the following email alert:
Alert: DC Interface Status

ALERT: The DCInterface Client running on is not contacting the Web Gateway on its regularly scheduled interval.

Please check the status of the DCInterface Client by referring to the errorlog located in its installation directory.

Click here to view the current system status.



Attachments