Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS AD SSO ""Cannot initialise Kerberos authentication with DOMAIN"

I hope that I might be able to find an answer to my problem here.
I have joined the Sophos XGS to the domain. The AD object looks good. The Sophos XGS name is configured with FQDN. Unfortunately I get this error message for Kerberos: "Cannot initialise Kerberos authentication with DOMAIN"

Any Ideas?



This thread was automatically locked due to age.
Parents
  • Good day Folks,

    As I've been facing this issue too and the commands didn't help nor was my hostname more than 15 characters, here's how I solved it:

    The issue was a firewall name change/ AD hiccup, therefore I had to do the following steps:

    1. Turn OFF "AD SSO" for (in my case) the LAN zone in "Administration" - "Device access"

    2. Delete the computer object of the firewall in my AD

    3. Run the commands:

    service nasm:stop -ds nosync

    rm -rf /content/nasm

    service nasm:start -ds nosync

    4. Turn ON "AD SSO" for the LAN zone in "Administration" - "Device access"

    5. Run an authentication test for the configured AD server in "Authentication" and hit save afterwards

    As for the name change, I went with "hostname.domain" instead of just "hostname" for the firewall (According to Sophos, this should not make a difference though).

    Afterwards, the logs showed Kerberos authenticating :-).

    I'm running Version 20.0.0 GA-Build222 as a VM.

    Hope this helps someone!

    Cheers

    Max

Reply
  • Good day Folks,

    As I've been facing this issue too and the commands didn't help nor was my hostname more than 15 characters, here's how I solved it:

    The issue was a firewall name change/ AD hiccup, therefore I had to do the following steps:

    1. Turn OFF "AD SSO" for (in my case) the LAN zone in "Administration" - "Device access"

    2. Delete the computer object of the firewall in my AD

    3. Run the commands:

    service nasm:stop -ds nosync

    rm -rf /content/nasm

    service nasm:start -ds nosync

    4. Turn ON "AD SSO" for the LAN zone in "Administration" - "Device access"

    5. Run an authentication test for the configured AD server in "Authentication" and hit save afterwards

    As for the name change, I went with "hostname.domain" instead of just "hostname" for the firewall (According to Sophos, this should not make a difference though).

    Afterwards, the logs showed Kerberos authenticating :-).

    I'm running Version 20.0.0 GA-Build222 as a VM.

    Hope this helps someone!

    Cheers

    Max

Children
No Data