Hello. I have the strangest problem with our UTM (9.408-4): it does not save the password to bind to LDAP. If I enter the right password and test, everything is fine; but if I save and come back, I get the message "Error: Server exists and accepts connections, but bind to ldap://220.127.116.11:389 failed with this BindDN and password."
I can re-enter the password and it will work again, but not after saving. As I have about 20 server entries, this is very annoying whenever I need to test VPN authentication. Quid?
Edit: This does not happen on my older Sophos UTMs (9.407-3), only on those updated to 9.408-4, so I am assuming this is a bug in the latest build.
In reply to Oliver Yüzer:
@Oliver: You can try with Bind DN as email@example.com instead of CN=BLUE,DC=BLUE,DC=LOCAL
In reply to AsadulHasan:
@Oliver: You can try with Bind DN as firstname.lastname@example.org instead of CN=ADMINISTRATOR,DC=BLUE,DC=LOCAL
Hi, Asad, and welcome to the UTM Community! Nice to have another participant from Sophos.
Interesting - do we know when this was added, or has it always worked?
Cheers - Bob
In reply to BAlfson:
Actually, it always worked. In case your test connection fails with CN=A,DC=B and DC=C, you can go to Windows PowerShell on the domain controller and run the command as C:\Users\Administrator> dsquery user
It will show you the correct bind DN for each user, and you can simply copy and paste the Bind DN into the UTM for the required user; it works fine.
However, you can also go with the second approach, email@example.com.
Thanks, Asad - in fact, the dsquery is used in my KnowledgeBase article Configuring HTTP/S proxy access with AD SSO.
I know this is an old thread now, but I am experiencing exactly the same behaviour in release 9.605-1. I wonder if there has been a regression in a later release? I have tried deleting and re-entering the entire server entry. When I initially enter the username and password and click test, I get a successful connection, but once I click save and then go back into it and click test, I get "unable to bind with this username or password". It's frustrating, as I am trying to troubleshoot SSO and HTTPS proxy and I am unsure whether the AD backend is actually working correctly or not.
In reply to Kevin Murphy2:
Hi Kevin and welcome to the UTM Community!
When checking a user doesn't work, try the following as root at the command line:
cc get_objects authentication adirectory |grep bind_pw
That will show you in clear text what the UTM thinks is the password. Is it correct?
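Added example, not part of this thread or of Sophos' own tooling: a PowerShell script that ties together the two suggestions above. It resolves a user's distinguished name with dsquery (as Asad describes) and its UPN with dsget, then performs a simple LDAP bind against the domain controller with each identity form, so that the password the UTM has stored (the bind_pw value Bob's cc command prints) can be checked against AD independently of the UTM's own "test" button. Assumptions: it runs on a Windows host with the AD DS tools (dsquery/dsget are present on every domain controller); the domain controller name, port and user name are placeholders to replace with your own.

```powershell
# Added example (not from the thread). Resolve a user's bind identities from AD
# and test a simple LDAP bind with each, independently of the UTM.
# Assumptions: dsquery/dsget available (domain controller or RSAT); the values
# below are placeholders.
param(
    [string]$DomainController = 'dc1.blue.local',   # placeholder
    [int]$Port = 389,                                # the UTM entry in the thread used ldap://...:389
    [string]$SamAccountName = 'Administrator',      # placeholder
    [switch]$UseSsl                                  # use with -Port 636 to avoid a cleartext bind
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# Pull both candidate Bind DN forms out of the directory, so nothing is typed by hand:
# the DN via dsquery (what Asad suggests), the UPN via dsget.
function Get-BindIdentities {
    param([string]$Sam)
    $dnLine = & dsquery user -samid $Sam | Select-Object -First 1
    if (-not $dnLine) { throw "No user with sAMAccountName '$Sam' found" }
    $dn  = $dnLine.Trim('"', ' ')
    $upn = (& dsget user $dn -upn | Where-Object { $_ -match '@' } | Select-Object -First 1).Trim()
    [pscustomobject]@{ DistinguishedName = $dn; UserPrincipalName = $upn }
}

# Simple (AuthType Basic) LDAP bind, which is what the UTM does with "Bind DN" + password.
# AD accepts a DN, a UPN or DOMAIN\sam as the identity for a simple bind.
function Test-LdapBind {
    param(
        [string]$Server,
        [int]$Port,
        [string]$Identity,
        [string]$Password,
        [switch]$Ssl
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.SecureSocketLayer = [bool]$Ssl
    $conn.Timeout = [TimeSpan]::FromSeconds(10)
    try {
        $conn.Bind((New-Object System.Net.NetworkCredential($Identity, $Password)))
        return $true
    } catch [System.DirectoryServices.Protocols.LdapException] {
        # ErrorCode 49 = invalidCredentials: the DC rejected this DN/password pair, which
        # is the condition the UTM reports as "bind ... failed with this BindDN and password".
        # ErrorCode 8 = strongerAuthRequired: the DC requires LDAP signing and refuses a
        # simple bind over plain LDAP; retry with -UseSsl -Port 636.
        Write-Warning ("Bind as '{0}' failed: {1} (LDAP error {2})" -f $Identity, $_.Exception.Message, $_.Exception.ErrorCode)
        return $false
    } catch {
        Write-Warning ("Bind as '{0}' failed: {1}" -f $Identity, $_.Exception.Message)
        return $false
    } finally {
        $conn.Dispose()
    }
}

# Read the password without echoing it; paste the bind_pw value the UTM shows.
$secure = Read-Host -Prompt 'Bind password (the bind_pw value stored on the UTM)' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

$ids = Get-BindIdentities -Sam $SamAccountName
foreach ($identity in @($ids.DistinguishedName, $ids.UserPrincipalName)) {
    $ok = Test-LdapBind -Server $DomainController -Port $Port -Identity $identity -Password $plain -Ssl:$UseSsl
    '{0,-7} {1}' -f ($(if ($ok) { 'OK' } else { 'FAILED' }), $identity)
}
```

If the DN form fails but the UPN form succeeds with the same password, the DN in the UTM entry is wrong (typically a CN that does not match the object's real location, e.g. the account lives under CN=Users or an OU rather than directly under the domain), and pasting the dsquery output fixes it. If both fail while the UTM's own test succeeds with a freshly typed password, the stored password really differs from what was typed, which is what the original post describes. Note that a simple bind on port 389 sends the password in cleartext, exactly as the UTM's ldap://...:389 entry does; prefer LDAPS (636) for the real configuration, and expect error 8 on plain LDAP if the domain controllers are set to require LDAP signing.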
Yes, it is correct. And the AD server queries are working, from checking the logs. It's just confusing, when troubleshooting an issue, to have it tell you that the credentials are invalid when they are not.
It sounds like you should get a case open with Sophos Support.
The next time you get an invalid response, please post a picture of what you see including the Server definition.