
User object in AD gets locked by proxy Basic Auth

Good morning, dear community,

 

First of all, here is my configuration:

UTM 9 Firmware: 9.505-4

Client with Firefox 57 browser

 

Problem:

I have created a proxy profile for some clients that is supposed to work via Standard Mode/Basic User Auth. The user opens the browser and is supposed to authenticate. So far so good. My problem now is that the client authenticates successfully, but when he closes the browser, two DENIED messages are written to the log and the user is locked in AD.

Is this a bug? The goal would actually be: the UTM does not lock the user in AD on failed login attempts.

 

Here is a log file with comments:

 

User starts the browser and authenticates successfully:

2017:11:16-07:34:52 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:34:52 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30209 is running too long. Terminating child"
2017:11:16-07:34:52 XXX aua[30661]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:34:52 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:34:52 XXX aua[30662]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:34:52 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:34:52 XXX aua[30663]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:34:52 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:34:52 XXX aua[30664]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:34:52 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:34:53 XXX aua[30667]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:34:53 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:34:53 XXX aua[30669]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:34:53 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:34:53 XXX aua[30670]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:34:53 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:34:53 XXX aua[30671]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:34:53 XXX aua[30661]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" engine="adirectory"
2017:11:16-07:34:53 XXX aua[30662]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" engine="adirectory"
2017:11:16-07:34:53 XXX aua[30663]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" engine="adirectory"
2017:11:16-07:34:53 XXX aua[30664]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" engine="adirectory"
2017:11:16-07:34:53 XXX aua[30669]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" engine="adirectory"
2017:11:16-07:34:54 XXX aua[30671]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" engine="adirectory"
2017:11:16-07:34:54 XXX aua[30667]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" engine="adirectory"
2017:11:16-07:34:54 XXX aua[30670]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" engine="adirectory"

 

User closes the browser:


2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30671 is running too long. Terminating child"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30669 is running too long. Terminating child"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30664 is running too long. Terminating child"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30670 is running too long. Terminating child"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30663 is running too long. Terminating child"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30662 is running too long. Terminating child"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30667 is running too long. Terminating child"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Child 30661 is running too long. Terminating child"
2017:11:16-07:35:37 XXX aua[30912]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:35:37 XXX aua[3684]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 43"
2017:11:16-07:35:37 XXX aua[30913]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:35:37 XXX aua[30912]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:35:37 XXX aua[30913]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (adirectory)"
2017:11:16-07:35:37 XXX aua[30913]: id="3006" severity="info" sys="System" sub="auth" name="Server XXX.YYY.VVV.ZZZ (adirectory) is disabled"
2017:11:16-07:35:37 XXX aua[30913]: id="3006" severity="info" sys="System" sub="auth" name="Server XXX.YYY.VVV.ZZZ (adirectory) is disabled"
2017:11:16-07:35:37 XXX aua[30913]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (radius)"
2017:11:16-07:35:37 XXX aua[30912]: id="3006" severity="info" sys="System" sub="auth" name="Server XXX.YYY.VVV.ZZZ (adirectory) is disabled"
2017:11:16-07:35:37 XXX aua[30912]: id="3006" severity="info" sys="System" sub="auth" name="Server XXX.YYY.VVV.ZZZ (adirectory) is disabled"
2017:11:16-07:35:37 XXX aua[30912]: id="3006" severity="info" sys="System" sub="auth" name="Trying XXX.YYY.VVV.ZZZ (radius)"

2017:11:16-07:35:37 XXX aua[30912]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" reason="DENIED"
2017:11:16-07:35:37 XXX aua[30913]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="XXX.YYY.VVV.ZZZ" host="" user="USERNAME" caller="http" reason="DENIED"

 

User account is locked in AD!

 

 

UPDATE:

I tested the whole thing with Internet Explorer. It doesn't seem to fire off any failed authentications at the end, so this is probably also a Firefox issue. A workaround for me at this point is probably to use purely local users. The failed authentications when Firefox is closed have the advantage that the user has to log in again right away when the browser is restarted.
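Added example, not part of the original post and not Sophos code: a small parser for the aua log format shown above that counts "Authentication failed" (id 3005) events per user inside a time window and lists which backends each failing child process tried. The sample lines are constructed, and `threshold` and `window` are assumed placeholders for the domain's own account lockout threshold and counter reset time.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the aua log format from the post (not real data).
SAMPLE = '''\
2017:11:16-07:34:53 utm aua[30661]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="192.0.2.10" host="" user="alice" caller="http" engine="adirectory"
2017:11:16-07:35:37 utm aua[30912]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.0.2.1 (adirectory)"
2017:11:16-07:35:37 utm aua[30912]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.0.2.2 (radius)"
2017:11:16-07:35:37 utm aua[30912]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.0.2.10" host="" user="alice" caller="http" reason="DENIED"
2017:11:16-07:35:37 utm aua[30913]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.0.2.1 (adirectory)"
2017:11:16-07:35:37 utm aua[30913]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.0.2.10" host="" user="alice" caller="http" reason="DENIED"
'''

LINE = re.compile(r'^(\S+) \S+ aua\[(\d+)\]: (.*)$')
FIELD = re.compile(r'(\w+)="([^"]*)"')
TRYING = re.compile(r'^Trying \S+ \((\w+)\)$')

def parse(text):
    """Yield (timestamp, pid, fields) for every aua line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
            yield ts, int(m.group(2)), dict(FIELD.findall(m.group(3)))

def lockout_risk(text, threshold=2, window=timedelta(minutes=30)):
    """Return {user: report} for users with >= threshold failures inside window."""
    backends = defaultdict(list)   # child pid -> backends that child tried
    failures = defaultdict(list)   # user -> [(timestamp, pid)]
    for ts, pid, f in parse(text):
        t = TRYING.match(f.get("name", ""))
        if t:
            if t.group(1) not in backends[pid]:
                backends[pid].append(t.group(1))
        elif f.get("id") == "3005" and f.get("caller") == "http":
            failures[f.get("user", "?")].append((ts, pid))
    report = {}
    for user, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            if len(burst) >= threshold:
                report[user] = {"count": len(burst), "first": start,
                                "backends": {p: backends[p] for _, p in burst}}
                break
    return report

if __name__ == "__main__":
    print(lockout_risk(SAMPLE))
```
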



  • Why don't you use Active Directory SSO? Then the users don't have to log in in Firefox first and you can still control everything via web filtering.

     

    ciao

    Robert

  • The computer is used by several people with a functional AD user. Browsing, however, is supposed to happen via a personalized account. So unfortunately no AD possible.

  • Hello Bernd,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    I think you should be able to change the lockout policy in AD to never lock out for some accounts or to a higher number for all accounts.

    Regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA