Captive Portal issue (ntlm 8091)

I updated the firmware for the Sophos firewall yesterday, and since then we have been facing a captive portal issue.

Our setup:

We have STAS enabled for domain systems, where users can use the internet directly after logging into domain PCs; those who are outside the domain environment get a captive portal to access the internet. Since the latest firmware update, we are not getting redirected to the captive portal; instead we get the NTLM page. I have attached screenshots. Need a solution.



Edited TAGs
[edited by: emmosophos at 7:29 PM (GMT -7) on 11 May 2022]
  • You should disable NTLM/ADSSO for your Zones in Device Access. 


  • The issue is solved, but in my firewall there was no NTLM option to disable, so I disabled ADSSO. It worked. Just wanna know why the issue happened when ADSSO was enabled.

  • When "use web authentication" is performed it should always look to see if AD SSO is enabled, and if AD SSO is working (e.g. has a good connection to the AD server). If it is, then AD SSO is used before Captive Portal.
    NTLM and Kerberos are forms of AD SSO.  Prior to 18.0 only NTLM was supported and people who remember the old UI may still use that term.

    It is possible that you always had AD SSO enabled but it did not have good connection to the AD server.  We have done various fixes and it might be that with the upgrade it re-established the connection to AD resulting in AD SSO now working and a change in behavior.
