
Cannot establish NTLM authentication channel with XXXX

Greetings,

Please bear with me:

We are getting the above message in our FW logs. I have verified the following things thus far:

Users can login to the VPN and validate w/o issue and w/o the captive portal.

The FW logs show all user activity for login/logout.

AD SSO is enabled.

STAS was also being used, but in troubleshooting this I have turned it off. Same results and all users are working fine.

FQDN is being used for the AD servers, and the connection test passes.

-------------------- What issue I still have -----------------

I am still getting the 'Cannot establish NTLM authentication channel with <domain>' error in the authentication logs, despite it seemingly authenticating everyone that is logging into the VPN. STAS is disabled and only AD SSO is enabled. I've gone through a large part of the troubleshooting steps from this article:

doc.sophos.com/.../index.html

However, when I get to the step /oss/klist -e -k /tmp/krb5.keytab I get a permission denied error. (Also, it's not /oss/klist, it is oss/klist, as oss is a subdir of nasm.) So I cannot go further in that test.

We are running 19.5.2 MR2-Build624, Model SG330

Any suggestions?
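The klist step above fails with "permission denied" before it tells you anything about the keytab. The shell function below is an added example, not from the Sophos article or the poster; it separates the usual causes of that error (klist binary missing or not executable, keytab missing or not readable for the current user) before it attempts the listing, so the troubleshooting can continue with a clear reason. The binary and keytab paths are parameters; the defaults in the usage comment are the ones quoted in the thread and are assumptions for any other device.

```shell
#!/bin/sh
# Added example (not from the Sophos article or the original poster):
# a pre-flight check for the "klist -e -k <keytab>" troubleshooting step.
# It reports which precondition fails instead of a bare "permission denied".
# Paths are assumptions: pass your own klist binary and keytab location.

# diagnose_keytab_access KLIST_BIN KEYTAB
# Return codes: 0 klist ran, 2 keytab missing, 3 binary missing,
#               4 keytab not readable, 5 binary not executable, 6 klist failed
diagnose_keytab_access() {
    bin="$1"
    keytab="$2"

    if [ ! -e "$bin" ]; then
        # Thread note: on this firmware oss/ is a subdirectory of nasm, not at /oss
        echo "klist binary not found: $bin (check the path under the nasm directory)" >&2
        return 3
    fi
    if [ ! -x "$bin" ]; then
        echo "klist binary is not executable by $(id -un): $bin" >&2
        ls -l "$bin" >&2
        return 5
    fi
    if [ ! -e "$keytab" ]; then
        echo "keytab not found: $keytab (AD SSO may never have written one)" >&2
        return 2
    fi
    if [ ! -r "$keytab" ]; then
        echo "keytab is not readable by $(id -un): $keytab" >&2
        ls -l "$keytab" >&2
        return 4
    fi
    # All preconditions hold: list principals and encryption types in the keytab.
    "$bin" -e -k "$keytab" || return 6
    return 0
}

# Usage (paths quoted in the thread; adjust for your device):
# diagnose_keytab_access /oss/klist /tmp/krb5.keytab
```

Run it as the same user that hit the error: the `ls -l` output on the failing path shows whether the problem is ownership or mode bits, which is the detail needed when asking support or escalating to a privileged shell.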



  • Do you need AD SSO NTLM at all? NTLM is used for web-based authentication. If you use AD SSO via STAS you don't need it. So you could simply disable AD SSO from Device Access and not use it.

  • Unfortunately we still have older servers in play, so NTLM is still out there. Things are working well with STAS turned off despite the above errors. Is the AD SSO only used for the web-based authentication, or does it also work for client authentication? It seems to be working w/o STAS, which is why I ask.