I updated the firmware for Sophos Firewall yesterday, and since then we have been facing a captive portal issue.
We have STAS enabled for domain systems, where users can use the internet directly after logging into domain PCs; those who are outside the domain environment get a captive portal to access the internet. Since the latest firmware update, we are not getting redirected to the captive portal; instead we get the NTLM page. I have attached screenshots. Need a solution.
You should disable NTLM/ADSSO for your Zones in Device Access.
Yes, disabling ADSSO works in Device Access.
The issue is solved. But in my firewall, there was no NTLM option to disable, so I disabled ADSSO. It worked. Just wanna know why the issue happened when ADSSO was enabled.
When "use web authentication" is performed it should always look to see if AD SSO is enabled, and if AD SSO is working (e.g. has a good connection to the AD server). If it is, then AD SSO is used before Captive Portal. NTLM and Kerberos are forms of AD SSO. Prior to 18.0 only NTLM was supported and people who remember the old UI may still use that term. It is possible that you always had AD SSO enabled but it did not have good connection to the AD server. We have done various fixes and it might be that with the upgrade it re-established the connection to AD resulting in AD SSO now working and a change in behavior.
Thanks a lot.
Disabling NTLM will not authenticate the user by NTLM Kerberos. Is there another option?
STAS is a method of authentication. AD SSO is a method of authentication. Having both enabled at the same time causes problems as they both try to authenticate the same connection. So for "Is there another option" the answer is "use the STAS that the original poster said was enabled".
It shouldn't happen in practice, because I am already having problems with STAS authentication; AD SSO should work alongside STAS to have multiple authentication modes.