Hello, we have a peculiar effect.We received a username/password error from AD when using SSL RAS VPN. IPSec-RAS-VPN and user portal work.We tried the "old" open vpn client and connect 2.2.xx We chose a very simple password: Kxxxxxxx45#... to no avail. I'm running out of ideas...any advice?
Thank you for contacting the Sophos Community.
Just to clarify, you were using SSL VPN with Sophos Connect Client?
Does your password use umlauts?
Thanks for your answer.
Yes, we use SSL VPN with Sophos Connect Client (but try the old client too)
We try "Kennwort45#" as password.
It works with Connect+IPSec, but not with Connect+SSL or the old OVPN(SSL).
FW send the password to AD an AD answer with "Incorrect username or password"
Is there a "deep authentication debug" like in SG?
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum PartnerSophos Solution Partner since 2003 If a post solves your question, click the 'Verify Answer' link at this post.
Just as a workaround: did you try to change the # to a ! ? Maybe a bug with # at the end of the password, or place the # at another position.
Sophos SG 210 with Sophos XG Home - 19.5 GA
If a post solves your question please use the 'Verify Answer' button.
all password issues should have been fixed with connect client 2.2
in 2.1 there have been issues with passwords like this:
#secure (# at the beginning)pass#?word (combination of #? in the middle)Secure password (blank / space charactoer)pass\word (backslash in the middle)
# at the end should have worked.
Password issues should only occur in Sophos Connect not the OpenVPN client. So likely SFOS is blocking it.
Check authentication services settings, if you selected for SSLVPN the correct server.
I see the authentication attempt at the correct AD-server. This server denies the authentication because username/password error.
Is there some kind of deep authentication debug like within SG?
You can check the access_server.log first.
If the information is not available, you can set the debug mode on, but i would suggest to do the investigation first without debug, as the debug mode will log a lot more information.
Debug mode: service access_server:debug -ds nosync
(same command to disable)
Are you using MFA?
we try it with 2FA disabled too.
Which 2FA problems do we have to expect?I use 2FA within a lot of installations. But never using a provisioning file.
... but the "old" openvpn client we use without provisioning ... and see the same problems.
No issues with 2FA/MFA/OTP as far as I know.
What does the access_server.log in debug mode show?