Synchronized UserID and username format

Hi,

SFOS 17.5.0 Beta-2 and Central Endpoint v2.2.1 Beta (Network Threat Protection 1.7.620.0). When I try to use DOMAIN\username or just the short username, authentication fails because of wrong credentials. When I use the full username@domain login format, the user is authenticated fine. Log sample:

Regards,

Marek Dalke

  • Problem solved. Wrong logon suffix in user account settings on the domain controller. After switching back to the domain configured on XG Firewall, synchronized UserID started to work.

  • In reply to MarekDalke:

    How did you get to sync users?

    I have InterceptX with EDR as clients and am using v17.5.

    As I understood it, you do not need to do anything and Heartbeat automatically sends the information forward?

  • In reply to Paul Digby:

    Paul Digby

    As I understood it, you do not need to do anything and Heartbeat automatically sends the information forward?

    Nothing. XG Firewall intercepts the heartbeat signaling from the Endpoint. Don't forget to define the Active Directory server (CONFIGURE > Authentication > Servers > Add) and point to it as the authentication method (CONFIGURE > Authentication > Services).

  • In reply to MarekDalke:

    Yes - that is already done. But I still see nothing.

  • In reply to Paul Digby:

    Problem Resolved!

    The resolution for me was simply to check the box next to 'Show captive portal to unknown users' in the firewall rule. Thinking about it, not sure why it does not recognise the user. For another day.

  • In reply to MarekDalke:

    MarekDalke

    Problem solved. Wrong logon suffix in user account settings on the domain controller. After switching back to the domain configured on XG Firewall, synchronized UserID started to work.

    Where can I find that setting? We are encountering the same problem right now in our setup.

  • In reply to Lars Hartmann:

    AD server > Active Directory Users and Computers (run dsa.msc) > User > Account Tab > User Logon Name > select the right domain from dropdown list
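
The logon suffix mismatch described in this thread can be checked for many accounts at once instead of one Account tab at a time. This is an added example, not part of the original posts and not Sophos tooling; the function name `Get-UpnSuffixMismatch`, the sample records and the suffix `corp.example` are assumptions made for illustration.

```powershell
# Hypothetical helper: emits every account whose UPN suffix differs from the
# domain configured on the firewall (passed in as -ExpectedSuffix).
function Get-UpnSuffixMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string] $ExpectedSuffix
    )
    process {
        # Accounts without a UPN are reported too, since they cannot match.
        $upn    = [string]$User.UserPrincipalName
        $at     = $upn.LastIndexOf('@')
        $suffix = if ($at -ge 0) { $upn.Substring($at + 1) } else { '(no UPN)' }

        # AD treats UPN suffixes case-insensitively, so compare the same way.
        if ($suffix -ine $ExpectedSuffix) {
            [pscustomobject]@{
                SamAccountName    = $User.SamAccountName
                UserPrincipalName = $upn
                Suffix            = $suffix
            }
        }
    }
}

# Constructed sample records so the function can be tried without a domain controller.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@corp.example' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@mail.example' }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'carol@CORP.EXAMPLE' }
    [pscustomobject]@{ SamAccountName = 'svc1';  UserPrincipalName = $null }
)

$mismatched = $sample | Get-UpnSuffixMismatch -ExpectedSuffix 'corp.example'

# Per-suffix summary first, then the individual accounts to review.
$mismatched | Group-Object Suffix | Select-Object Count, Name | Format-Table -AutoSize
$mismatched | Sort-Object Suffix, SamAccountName | Format-Table -AutoSize

# Against a live directory (ActiveDirectory module from RSAT required):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
#     Get-UpnSuffixMismatch -ExpectedSuffix 'corp.example'
```

With the constructed sample, `bob` and `svc1` are reported; `alice` and `carol` match the expected suffix.
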

  • In reply to MarekDalke:

    Does the XG cope with multiple AD domains as we use more than one?

  • In reply to CMR:

    Hello CMR,

    It handles multiple domains OK. I have used the XG on a system with 3 separate domains as well as a forest with 5 subdomains, and it worked as expected. However, the issue you will encounter is if all the domains are on the same DCs, then STAS will be unsuitable, as STAS can only track one domain per software installation. If the domains are on separate DCs then that should not be an issue, but make sure STAS implementations on the XG are done in separate groups so the XG does not think they are all part of the same STAS unit.

    If you have multiple domains on the same DC, then set up STAS for the largest domain and configure NTLM for all domains. STAS will catch the logins for the largest domain and the other domains will fall back to login on NTLM when they browse.

    Also, for performance, make sure you set the Base DNs as close to the user locations as possible, or else you can get slowdown during high-volume login times.

    Emile

  • In reply to EmileBelcourt:

    We have 100s of users across two UPN suffixes on one domain.  It is the multiple UPN suffixes that I'd like supported, I don't need multiple AD domains and I'd like to move away from STAS etc.