FSSO and Mac

We use LDAP authentication. Our Mac users login via web authentication and show up under their LDAP user name in logs. If a user is already logged in via FSSO, they don' t get the web auth screen.

Hi Bill, It sounds like you are using FSSO and LDAP (web page logon for Macs) together, is that right? Do you use the keep-alive option on the web-auth screen? Do you have separate policy rules for the windows computers, and the Macs - or do you have them both matching one rule -with both authentication options configured? We tried having a single rule for PCs (FSSO) and Macs (web auth) but we found the windows users were getting the web auth screen too. How did you solve this? Thanks Paul

Are you using Active Directory and are your Macs on the domain? If so, put your FSSO in polling mode and click the " Check Windows Security Evernt Logs" radio button. Works perfectly.

Paul, I am using eDirectory, not Active Directory. That might be the difference here. We have a single policy rule but it should be operationally similar to what you have. Our Macs are not using our directory service (other than LDAP for login). With our FSSO setup, the firewall first checks the FSSO server to see if the IP address of the workstation has logged into the directory service. If so, it grants them access per their assigned group membership. Otherwise it presents the web login screen for LDAP. Cheaman' s solution sounds pretty good if your Macs are logging into AD.