Forum Discussion

a_pavlov_114144's avatar
a_pavlov_114144
Icon for Cirrus rankCirrus
Feb 24, 2014

Transparent User Identification (IFMAP)

Hello! I'm trying to use F5 DCAgent and IFMAP server for transparent user indentification. I've successfully installed DCAgent on a server and deployed an IFMAP iapp on BIGIP. I've also configured BIGIP system in transparent forward proxy mode using the following document: http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-implementations-11-5-0/5.htmlconceptid

 

The problem is that sometimes transparent identification is working and sometimes it's not. I've found a way to see what information DCAgent recevies from a domain controller, but how can i make sure that this information reaches BIGIP? Is there any way to see what mappings ( - ) the BIGIP system has?

 

APM
security

3 Replies

Sort By
  • a_pavlov_114144's avatar
    a_pavlov_114144
    Icon for Cirrus rankCirrus
    Feb 24, 2014

    F5 Support gave me an advice on how to debug ifmap server: You can further enable debug by editing /var/swg/omapd/ompad.conf change debug_level to ffff as below:

    ffff

    Once the DCagent identifies a user logged in, I see the /var/log/omapd with the logs for inserting the user to the DB by the DCAgent.

    Now I can see that users are mapped to the wrong ip address.

    • a_pavlov_114144's avatar
      a_pavlov_114144
      Icon for Cirrus rankCirrus
      Feb 25, 2014
      Now I've noticed that I only have this issue when I use static ip address assignment, when I use DHCP everything works fine.
    • a_pavlov_114144's avatar
      a_pavlov_114144
      Icon for Cirrus rankCirrus
      Mar 14, 2014
      The problem was reproduced only when ip addresses on end machines was configured using static configuration (not DHCP). When we use DHCP everything works fine.