We'd love to hear about it! Click here to go to the product suggestion community
Hello. I have the strangest problem with our UTM (9.408-4): it does not save the password to bind to LDAP. If I enter the right password and test, everything is fine; but if I save and come back, I get the message "Error: Server exists and accepts connections, but bind to ldap://220.127.116.11:389 failed with this BindDN and password."
I can reenter the password and it will work again, but not after saving. As I have about 20 server entries, this is very annoying whenever I need to test VPN authentication. Quid?
Edit: This does not happen on my older Sophos UTMs (9.407-3), only on those updated to 9.408-4, so I am assuming this is a bug in the latest build.
Run adsiedit.msc in the command prompt for AD, to review the schema of Active Directory.Check that the Bind DN configuration is proper. Do you discover any error in the aua.log. Make sure the time and date difference between UTM and AD is not greater than 5 minutes.
Hope that helps.
In reply to sachingurung:
As I said: when re-entering the password the test completes successfully. This wouldn't happen if the DN was wrong. This only happens on devices with the latest update, not with the previous update. Domain and UTM have no time difference. Also the bind DN is correct and aua.log only shows the obvious:
In reply to J.Janssens:
Thanks for the log lines. In the logs aua id:3006 means information message from the aua demon.
'Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options
If your security policies require that the LDAP server signing requirements remain enabled, then please ensure that SMB signing is also enabled in Active Directory. This allows the UTM to connect using SSL.
Once SMB Signing is enabled in Active Directory, ensure that SSL is enabled and that you are connecting to the Global Catalog Server over port 3269 in the UTM authentication server configuration settings.
Please explain to me why it works when manually re-entering the password if it was an issue on the AD side, let alone if a handful of other UTMs with an older firmware do not have this problem, even though they connect to exactly the same DCs. Also this problem happens in an AD site that has been running with Sophos for years without issues until the last update.
As this is a business environment and not a home scenario, I will escalate this with our Sophos reseller.
I too have the same problem with 9.408-4.
Step to reproduce.
1. Enter the AD details (Don't Save yet)
2. Click Test. Reply will be "Server test passed"
3. Click Save
4. Edit the profile again
5. Click Test (An error will appear)
6. Type again the bind password
7. Click Test (Server test passed)
Something in Sophos is definitely broken.
Please fix asap.
In reply to John Homer Alvero:
Thank you. I hope this thread will get some more attention now.
In that case, please report this to the Support Team and provide me the case#. Meanwhile, did you tried my suggestion and does that help?
Same Problem here on all UTM's with new Firmware. DC's are from 2008-2012R2 - all causing the same problem.
Edit: sachingurung - the values are already set.
I too am experiencing the same issue with firmware 9.408-4.
The same problems with firmware 9.408-4
In reply to ISASKSTT:
I can confirm that this problem exists on several UTM's after 9.408-4 update.
Opened a support case.
The issue is fixed in the next firmware release. The JIRA ID for this bug is NUTM-5888.
Do we have a date for this?
I was beginning to think I was losing my mind. Glad to know this is not just me!
Do we have a date for the fix yet?
In reply to J.Rivett:
I'm happy to see it's finally acknowledged that this is a bug.