This article explains how to configure HTTP/HTTPS proxy access with Active Directory Single Sign-on (AD SSO) on a Sophos UTM.
Known to apply to the following Sophos product(s) and version(s): Sophos UTM
Operating systems: V7, V8, V9
There are several steps in this process:
If you pick a user with administrative rights, you will be able to configure either or both LDAP and AD. You will need the full, exact DN for the UTM to be able to work with AD or LDAP services.
The following example shows a scenario where the user has a separate login for an administrator, bob2:
dsquery user -name b*
Do not add the Astaro to AD here. That will be done in a later step.
If you have not already created a Definition in Networks for this server, do the following:
Continuing the above example and using the 'bob2' account because it's an administrator:
Important: A glitch in this process requires you to edit the definition as indicated in this example:
An alternate workaround is to rename your AD Security Groups so that they do not have spaces in the first CN. For example, rename the AD group 'Web Allowed' to 'WebAllowed', making the LDAP name 'CN=WebAllowed,OU=Users,OU=MyBusiness,DC=Ourdomain,DC=local'.
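To find the groups this workaround applies to, the following added example (not part of the original article and not Sophos tooling) scans group DNs in the quoted, one-per-line form that `dsquery group` prints and reports each group whose first CN contains a space, together with the DN it would have after the rename. The function names are hypothetical, and every sample DN except the 'Web Allowed' one is constructed.

```python
# Constructed sample in the format `dsquery group` prints: one quoted DN per line.
SAMPLE_DSQUERY_OUTPUT = r'''
"CN=Web Allowed,OU=Users,OU=MyBusiness,DC=Ourdomain,DC=local"
"CN=WebBlocked,OU=Users,OU=MyBusiness,DC=Ourdomain,DC=local"
"CN=Staff\, Part Time,OU=Users,OU=MyBusiness,DC=Ourdomain,DC=local"
"CN=Contractors,OU=Branch Office,DC=Ourdomain,DC=local"
'''


def split_dn(dn):
    """Split a DN into RDNs on commas, leaving backslash-escaped characters intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair, e.g. "\," inside a CN
            i += 2
            continue
        if ch == ',':
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append(''.join(cur))
    return parts


def audit_groups(dsquery_output):
    """Return [(dn, suggested_dn)] for groups whose first CN contains a space."""
    findings = []
    for line in dsquery_output.splitlines():
        dn = line.strip().strip('"')
        if not dn:
            continue
        rdns = split_dn(dn)
        attr, _, value = rdns[0].partition('=')
        # Only the leftmost CN matters here; spaces in parent OUs are not flagged.
        if attr.strip().upper() == 'CN' and ' ' in value:
            fixed = 'CN=' + value.replace(' ', '')
            findings.append((dn, ','.join([fixed] + rdns[1:])))
    return findings


if __name__ == '__main__':
    for old, new in audit_groups(SAMPLE_DSQUERY_OUTPUT):
        print(f'{old}\n  -> {new}')
```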
Internet Explorer proxy settings can be automatically set on all Windows 2000, XP and Vista clients via the Group Policy feature in an Active Directory Domain. This way each client receives the proxy settings automatically when logging in to the Active Directory Domain.
This has several advantages including that the settings do not need to be manually configured on each client, and the proxy configuration cannot be changed by the user.
This article was submitted by Robert H. Alfson (Bob), MediaSoft Inc.