HTML5 portal user not synchronizing well

I have 2 users who are part of the same AD groups named testts and testvpn2.
Both are able to log in to the HTML 5 user portal, however only testts is able to access the resources.

In the user window I see that the testvpn2 user doesn't have the VPN-Aphrodite group, however he is a member of the group.
A manual sync has been triggered.

  • Thomas, in the UTM, you have defined a User Group named "VPN-Aphrodite" and added the "tests" user.  You probably don't want/need to have that group.  More likely, you want a Backend Group limited to the Active Directory Security Group "VPN-Aphrodite."  See #6 in Rulz.

    Cheers - Bob

  • In reply to BAlfson:

    Thank you for your response.
    However, this is a Backend Group limited to AD group "VPN-Aphrodite".

  • In reply to thomas raikkonnen:

    Indeed it is, Thomas!

    Membership in Backend Groups hasn't shown in the past, so I suspect that there might be a glitch in this new capability.

    What if you Edit the AD server on the 'Servers' tab and test the other user - does it show that he's a member of the "VPN-Aphrodite" group?  Does group membership now show up for the user?

    What happens if you enable 'Active Directory Group Membership Synchronization' on the 'Advanced' tab of 'Authentication Services' and then press the [Synchronize now] button - does the user then show membership?

    Cheers - Bob

  • In reply to BAlfson:


    I get the following message on both servers.
    However, the user is a member of the "VPN-Aphrodite" AD group.

    Enable AD group membership background sync was already ticked and I pressed the button last week as well.

    The UTM has also been updated to the latest version (9.506-2).


    User authentication:

    Authentication test passed.

    User is a member of the following groups:

    No groups have been found for this user

  • In reply to thomas raikkonnen:

    Did Sophos Support say that this is a bug?

    Cheers - Bob

  • Found the issue, apparently the pre and post Win2000 name must be equal in AD.
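
An added example, not part of the thread: a check for the condition named in the last post, run over an LDIF export of AD objects. The thread does not say whether the mismatched name was on the user or on the group, so this flags both. It assumes the pre-Windows 2000 name is `sAMAccountName`, the user logon name is the `userPrincipalName` prefix, and the group name is `cn`; the sample data and all names in it are constructed.

```python
import base64
# Constructed sample, shaped like an LDIF export of AD objects (names are hypothetical).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
objectClass: user
sAMAccountName: alice
userPrincipalName: alice@example.test

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
objectClass: user
sAMAccountName: bexample
userPrincipalName: bob.example@example.test

dn: CN=VPN-Users,OU=Groups,DC=example,DC=test
objectClass: group
cn: VPN-Users
sAMAccountName:: VlBOVXNlcnM=
"""

def parse_ldif(text):
    """Parse LDIF into a list of dicts: lowercase attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # skip comment lines
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:
        if not line.strip():                # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: base64" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def name_mismatches(entries):
    """Return (dn, pre-Windows 2000 name, other name) where the two names differ."""
    found = []
    for e in entries:
        sam = e.get("samaccountname", [None])[0]
        if "group" in e.get("objectclass", []):
            other = e.get("cn", [None])[0]          # group name
        else:                                        # user logon name = UPN prefix
            other = e.get("userprincipalname", [""])[0].split("@")[0] or None
        if sam and other and sam != other:           # exact match, case included
            found.append((e["dn"][0], sam, other))
    return found
```

Calling `name_mismatches(parse_ldif(SAMPLE_LDIF))` returns the second user and the group, the two objects whose names differ.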