HTML5 portal user not synchronizing well

Hi, I have 2 users, named testts and testvpn2, who are part of the same AD groups.
Both are able to log in to the HTML5 user portal; however, only testts is able to access the resources.

In the user window I see that the testvpn2 user doesn't have the VPN-Aphrodite group; however, he is a member of the group.
A manual sync has been triggered.



  • Thomas, in the UTM, you have defined a User Group named "VPN-Aphrodite" and added the "tests" user.  You probably don't want/need to have that group.  More likely, you want a Backend Group limited to the Active Directory Security Group "VPN-Aphrodite."  See #6 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for your response.
    However, this is a Backend Group limited to AD group "VPN-Aphrodite".

  • Indeed it is, Thomas!

    Membership in Backend Groups hasn't shown in the past, so I suspect that there might be a glitch in this new capability.

    What if you Edit the AD server on the 'Servers' tab and test the other user - does it show that he's a member of the "VPN-Aphrodite" group?  Does group membership now show up for the user?

    What happens if you enable 'Active Directory Group Membership Synchronization' on the 'Advanced' tab of 'Authentication Services' and then press the [Synchronize now] button - does the user then show membership?

    Cheers - Bob

     
  • Hi

    I get the following message on both servers.
    However, the user is a member of the "VPN-Aphrodite" AD group.

    Enable AD group membership background sync was already ticked and I pressed the button last week as well.

    The UTM also has been updated to the latest version (9.506-2)

     

    User authentication:

    Authentication test passed.


    User is a member of the following groups:

    No groups have been found for this user
  • Did Sophos Support say that this is a bug?

    Cheers - Bob

     