I am quite new to the XG and have a question. I am using SSL VPN with AD Authentication.
Connecting to the XG using the Client or using OpenVPN on an iPhone works fine.
However, how can I enable SSO with the AD Controller when someone logs in via SSL VPN?
Any help welcome
Hi Marcus Michaels, please read the community thread given below: https://community.sophos.com/products/xg-firewall/f/authentication/92306/using-active-directory-groups-to-authenticate-vpn-users
In reply to Keyur:
thanks for your reply.
Maybe my post was not clear. I got this to work easily. I use the Sophos SSL client and get authenticated.
Before I got the XG I had a pfSense and used RADIUS to authenticate the client. As soon as I was connected via OpenVPN, clients could also access Exchange or the NAS without another password prompt.
Now I cannot access resources which are secured via AD.
For example, I cannot use SQL Management Studio with my Windows login; it only works when using SQL users. Or I can't access the NAS, which also authenticates via AD.
Therefore I mentioned SSO. How does the XG handle this issue?
In reply to Marcus Michaels:
How could pfSense handle such authentication methods?
In reply to LuCar Toni:
Hi LuCar Toni,
I used RADIUS and it worked.
I logged in to the client laptop, started OpenVPN with RADIUS authentication, and was never asked for a password by AD-secured resources.
You could work with Radius for SSL VPN.
Hi LuCar Toni,
RADIUS seems to be a way to go; however, I only get the test connection working. Real connections fail.
To whom it may concern,
For me, the following solution solved the issue. This also works with the XG AD Authentication.
nslookup gave me the DNS of the ISP only, so obviously there was no way for the client notebook to contact the AD server.
I manually added my AD server as an option in the ovpn file on the client, as I haven't found a way to add it to the provisioning file in the user portal. I had that same option on my pfSense.
dhcp-option DNS x.x.x.x
nslookup then used my AD server.
I could then access file resources, and even the SSPI context for SQL Management Studio was created and I could log in using my Windows credentials.