[Bug?] Sophos UTM forgets Bind DN password

Hello. I have the strangest problem with our UTM (9.408-4): it does not save the password to bind to LDAP. If I enter the right password and test, everything is fine; but if I save and come back, I get the message "Error: Server exists and accepts connections, but bind to ldap://1.2.3.4:389 failed with this BindDN and password."

I can reenter the password and it will work again, but not after saving. As I have about 20 server entries, this is very annoying whenever I need to test VPN authentication. Quid?


Edit: This does not happen on my older Sophos UTMs (9.407-3), only on those updated to 9.408-4, so I am assuming this is a bug in the latest build.

  • In reply to Oliver Yüzer:

    @Oliver: You can try with Bind DN as administrator@blue.local instead of CN=BLUE,DC=BLUE,DC=LOCAL

  • In reply to AsadulHasan:

    CORRECTION

    @Oliver: You can try with Bind DN as administrator@blue.local instead of CN=ADMINISTRATOR,DC=BLUE,DC=LOCAL

  • In reply to AsadulHasan:

    Hi, Asad, and welcome to the UTM Community! Nice to have another participant from Sophos.

    Interesting - do we know when this was added, or has it always worked?

    Cheers - Bob

  • In reply to BAlfson:

    Hello Bob,

    Actually, it always worked. In case your connectivity test is failing with CN=A,DC=B and DC=C, you can go to Windows PowerShell on the domain controller and run the command as C:\Users\Administrator> dsquery user

    It will show you the correct Bind DN for each user, and you can simply copy and paste the Bind DN into the UTM for the required user, and it works fine.

    However, you can also go with the second approach, as abc@xyz.local.

    -Asad


  • In reply to AsadulHasan:

    Thanks, Asad - in fact, the dsquery is used in my KnowledgeBase article Configuring HTTP/S proxy access with AD SSO.

    Cheers - Bob
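A PowerShell check, added here as an example and not taken from any post above: it resolves both Bind DN forms discussed in the thread (the distinguishedName via dsquery and the user@domain form) and tries an LDAP simple bind with each directly against the domain controller, so the credentials can be confirmed independently of the UTM's Test button. Assumptions: it runs on a domain-joined Windows host with the AD DS tools (dsquery) installed, the server name dc01.blue.local is a placeholder, and the DC accepts LDAPS on port 636 with a certificate the host trusts.

```powershell
# Added example, not part of the thread. Assumes dsquery is available and the DC offers LDAPS.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-BindDnCandidates {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # dsquery prints the distinguishedName in quotes, e.g. "CN=Administrator,CN=Users,DC=blue,DC=local"
    $dn = (& dsquery user -samid $SamAccountName | Select-Object -First 1) -replace '"', ''
    if (-not $dn) { throw "No user with sAMAccountName '$SamAccountName' found" }
    # Second form from the thread: user@domain, built from the DC= components of the DN
    $domain = ($dn -split ',' | Where-Object { $_ -like 'DC=*' } |
               ForEach-Object { $_.Substring(3) }) -join '.'
    @($dn, "$SamAccountName@$domain")
}

function Test-LdapBind {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$BindDn,
        [Parameter(Mandatory)][System.Security.SecureString]$Password,
        [int]$Port = 636
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3
    # LDAPS on 636 keeps the password off the wire; a plain bind on 389 would send it in clear text
    $conn.SessionOptions.SecureSocketLayer = ($Port -eq 636)
    # Simple bind with DN + password, the same mechanism the UTM uses for its Bind DN
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = New-Object System.Net.NetworkCredential($BindDn, $Password)
    try {
        $conn.Bind()
        [pscustomobject]@{ BindDn = $BindDn; Result = 'OK' }
    } catch [System.DirectoryServices.Protocols.LdapException] {
        # Invalid credentials surface here; an untrusted DC certificate shows as "server unavailable"
        [pscustomobject]@{ BindDn = $BindDn; Result = "FAILED: $($_.Exception.Message)" }
    } finally {
        $conn.Dispose()
    }
}

# Usage: prompt for the bind password once, then try both DN forms against the DC (placeholder name)
$pw = Read-Host 'Bind password' -AsSecureString
foreach ($candidate in Get-BindDnCandidates -SamAccountName 'administrator') {
    Test-LdapBind -Server 'dc01.blue.local' -BindDn $candidate -Password $pw
}
```

If both forms bind successfully here but the UTM still reports a failed bind after saving, the credentials are not the problem and the UTM's stored value is the thing to examine.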

  • I know this is an old thread now, but I am experiencing exactly the same behaviour in release 9.605-1. I wonder if there has been a regression in a later release? I have tried deleting and re-entering the entire server entry. When I initially enter the username and password and click test, I get a successful connection, but once I click save and then go back into it and click test, I get "unable to bind with this username or password". It's frustrating, as I am trying to troubleshoot SSO and HTTPS proxy and I am unsure whether the AD backend is actually working correctly or not.

  • In reply to Kevin Murphy2:

    Hi Kevin and welcome to the UTM Community!

    When checking a user doesn't work, try the following as root at the command line:

    cc get_objects authentication adirectory |grep bind_pw

    That will show you in clear text what the UTM thinks is the password.  Is it correct?

    Cheers - Bob

  • In reply to BAlfson:

    Yes, it is correct. And the AD server queries are working, from checking the logs. It's just confusing when troubleshooting an issue to have it tell you that the credentials are invalid when they are not.

  • In reply to Kevin Murphy2:

    It sounds like you should get a case open with Sophos Support.

    The next time you get an invalid response, please post a picture of what you see including the Server definition.

    Cheers - Bob