Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Synchronized User ID and username with domain name not working

I have my XG configured with AD authentication using SSO client. Everything works - each domain user gets what she/he is supose to get. Now when I try to use Synchronized User Id I cannot get it to work. What I see in authentication log is following:

- for SSO client - user name is sent as "samAcconuntName@domain name" which is properly matched to users imported from domain

- for Synchornized User Id - user name is sent as "samAccountName" and XG cannot find such user so authentication fails

My questions is following:

- can I force XG somehow to match "samAccountName" request to user "samAccountName@domain name"

- is there a way to force heartbeat to include domain name as well in packet

 

Pawel



This thread was automatically locked due to age.
Parents
  • Hi Pawel,

    It will look for user details.  In order to acheive this settings the following conditions must be met..

    1. The Sophos Central Account must be linked to Sophos XG firewall.

    2. The XG firewall must be connected to the domain controller for authentication.

    3. The Users in the Central must have the same Profile. e.g. In the Central account if the user Domain/Username instead of Normal User then their profile must contain the Email address .

    4. Same Can be said on the local users on Sophos XG , use the Email address same as mentioned in the Central Profile.

    On the Endpoint you may check the username on the Sophos Endpoint UI> About > Run Diagnostics tool. > System

    Make sure the email address is the same as the user in both Sophos Central and Sophos XG. At the moment it does seem some improvement is needed to recognise NetBios Name.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • I've tried everything, still the reauthentication after 30 minutes will fail and in the logs on XG the username is stated without domain. 

  • in the logs on XG the username is stated without domain. - same for me

Reply Children
No Data