
Sophos XG Home to AD password/group synchronization

Hi,

I have Sophos Home deployed in our network, with AD groups synced in from the AD server for user-based internet access.

For a month or so now, when any user changes their domain password, SSO (single sign-on) does not work for them and they have to sign into the Sophos web portal once with the new domain password (I guess to get the new domain password synced into Sophos) before internet starts working for them. They don't need to log into the web portal again until they change the password again (maybe months later).

Is there some setting I can configure to make SSO work after a domain password change (followed by a reboot)?



This thread was automatically locked due to age.
  • Hello,

    Thank you for reaching out to the Sophos Community!

    There are no specific settings required on Sophos for this to work, as the firewall acts as an accounting server only and sends the authorization request to the AD server.

    1. Collect a Log Viewer snapshot of the authentication error received when they fail to log in.

    2. Put the authentication service into debug mode from the advanced shell using the command below:

    service access_server:debug -ds nosync (use the same command to disable debug once the logs are collected)

    3. Once the service is in debug mode, use the commands below to review the authentication logs:

    cd /log

    tail -f access_server.log

    4. Try logging in as the user whose password changed.

    5. Simultaneously review the security events on your AD server for that user.

    You may paste the access_server logs and a snapshot of the failed login so it can be reviewed further.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question please use the 'Verify Answer' button.
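A way to carry out step 5 of the procedure above on the AD side, so the DC's view of the failed credential check can be lined up with the access_server.log capture from steps 2-4. This is an added example, not code from the post or from Sophos. It assumes it is run on the domain controller that handles the firewall's requests, as an account that can read the Security log, with the RSAT ActiveDirectory module installed; the script name, $SamAccountName and $Minutes are hypothetical operator-chosen values.

```powershell
# Added example (not from the Sophos post or Sophos' own tooling): list the
# Security events a DC writes when a credential check for one user fails,
# plus the user's PasswordLastSet, for the window in which the SSO failure
# was reproduced. Assumes RSAT ActiveDirectory and rights to read the
# Security log. $SamAccountName / $Minutes are hypothetical parameters.
param(
    [Parameter(Mandatory = $true)] [string] $SamAccountName,
    [int] $Minutes = 30
)

Import-Module ActiveDirectory

# 1. When was the password last changed? Failures that begin right after this
#    timestamp point at a stale credential being presented to AD.
$user = Get-ADUser -Identity $SamAccountName -Properties PasswordLastSet, LockedOut, BadLogonCount
'{0}: PasswordLastSet={1} LockedOut={2} BadLogonCount={3}' -f $user.SamAccountName, $user.PasswordLastSet, $user.LockedOut, $user.BadLogonCount

# 2. Security events a DC writes when a credential check for the user fails:
#    4776 NTLM credential validation (Status 0xC000006A = wrong password,
#         0xC0000234 = account locked out)
#    4771 Kerberos pre-authentication failed (Status 0x18 = wrong password)
#    4625 logon failure, 4740 account lockout
$ids    = 4776, 4771, 4625, 4740
$since  = (Get-Date).AddMinutes(-$Minutes)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids; StartTime = $since } -ErrorAction SilentlyContinue

function Get-EventDataMap {
    # Flatten <EventData><Data Name="...">value</Data> into a hashtable so
    # fields can be read by name regardless of event ID.
    param([System.Diagnostics.Eventing.Reader.EventRecord] $Record)
    $map = @{}
    $xml = [xml] $Record.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $map[$d.Name] = $d.'#text' }
    return $map
}

function Get-FirstValue {
    # Return the first non-empty field among the given names ('' if none).
    param([hashtable] $Map, [string[]] $Keys)
    foreach ($k in $Keys) { if ($Map[$k]) { return $Map[$k] } }
    return ''
}

$rows = foreach ($e in $events) {
    $d = Get-EventDataMap -Record $e
    # Every ID above names the account in TargetUserName; -ne is
    # case-insensitive in PowerShell, so jdoe and JDOE both match.
    if ($d['TargetUserName'] -ne $SamAccountName) { continue }
    [pscustomobject]@{
        Time   = $e.TimeCreated
        Id     = $e.Id
        # Where the request came from: the firewall's address or name is what
        # separates firewall-initiated checks from the user's own workstation.
        Source = Get-FirstValue $d @('Workstation', 'WorkstationName', 'IpAddress')
        Status = Get-FirstValue $d @('Status', 'FailureCode')
        Sub    = Get-FirstValue $d @('SubStatus')
    }
}

if (-not $rows) {
    "No 4776/4771/4625/4740 events for $SamAccountName in the last $Minutes minutes on $env:COMPUTERNAME."
} else {
    $rows | Sort-Object Time | Format-Table -AutoSize
}
```

Run it as, for example, `.\Get-SsoAuthFailures.ps1 -SamAccountName jdoe -Minutes 15` (hypothetical file name) right after reproducing the failed login in step 4. Credential validations are logged only on the DC that handled them, so if it is not known which DC the firewall talks to, run it on each DC. A 4776 with Status 0xC000006A whose Source is the firewall, appearing only after PasswordLastSet, is the case worth pasting alongside the access_server.log lines; no DC event at all during the attempt means the firewall never reached AD and the access_server log is where to look.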
