Integrated Windows Authentication

Statistic Description
 

Diagnostic Test

This function runs diagnostic tests on the Kerberos connection to the selected domain. Results are displayed on screen and written to /opt/WCG/logs/ content_gateway.out and /opt/WCG/logs/ smbadmin.log.

Domain drop down box Select a joined domain. Unless Rule-Based Authentication is configured, there will only be 1 joined domain.
Run Test button Click to initiate a test.
 

Active Directory Joined Domains list

Lists all joined AD domains.

The Content Gateway Hostname DNS is the name that clients must specify in their browser proxy settings for Kerberos authentication to occur.

  Kerberos request counters
Total Kerberos requests The total number of Kerberos authentication requests.
Authentication succeeded The number of Kerberos authentication requests that resulted in successful authentication.
Authentication failed The number of Kerberos authentication requests that resulted in authentication failure.
Kerberos errors The number of Kerberos process errors.
  NTLM request counters
Total NTLM requests The total number of NTLM authentication requests.
Authentication succeeded The number of NTLM authentication requests that resulted in successful authentication.
Authentication failed The number of NTLM authentication requests that resulted in authentication failure.
NTLM request errors The number of NTLM process errors.
NTLM within negotiate requests The number of NTLM requests encapsulated in Negotiate requests.
  Basic authentication request counters
Total basic authentication requests The total number of basic authentication requests.
Authentication succeeded The number of basic authentication requests that resulted in successful authentication.
Authentication failed. The number of basic authentication requests that resulted in authentication failure.
Basic authentication request errors The number of basic authentication process errors.
  Performance counters
Kerberos - Average time per transaction The average time, in milliseconds, to complete a Kerberos transaction.
NTLM - Average time per transaction The average time, in milliseconds, to complete a NTLM transaction.
Basic - Average time per transaction The average time, in milliseconds, to complete a basic transaction.
Average helper latency per transaction The average time for Samba to process an authentication request.
Time authentication spent offline

The time, in seconds, that Content Gateway was unable to perform NTLM authentication due to service or connectivity failures. (This measure does not apply to Kerberos because no communication with the DC is needed.)

If the Fail Open option is enabled (Global authentication options), proxy requests may proceed without authentication.

The counter is incremented when connectivity is reestablished after a failure.

Number of times authentication servers or services went offline The number of times that connectivity with authentication servers or services has been lost.
 

Top lists counters

These user authentication lists provide a view into which User-Agent values and client IP addresses are most active. Four counters tally the top 20 User-Agent and client IP addresses that are passing or failing user authentication.

Button: Reset Top Lists to Zero Resets all Top Lists counters to zero.
Top User-Agents passing authentication Lists the top 20 User-Agent matches by number of authentication attempts that pass authentication.
Top User-Agents failing authentication Lists the top 20 User-Agent matches by number of authentication attempts that fail authentication.
Top Client IP addresses passing authentication Lists the top 20 client IP addresses by number of authentication attempts that pass authentication.
Top Client IP addresses failing authentication Lists the top 20 client IP addresses by number of authentication attempts that fail authentication.