
UTM v9.510-5 some users failing to authenticate so subject to default rule

Hi,


We have 4 UTMs currently to serve different geographic locations, all are in HA pairs (Active/Passive).  All are working fine except one where some users are unable to authenticate through it.


We are using AD SSO

We have standard users who are seemingly just not authenticated and one of my Team is unable to access the WebAdmin console of the same UTM.


The webadmin log shows the following for the affected users 'user="" group="" ad_domain=""' so my interpretation is that it's failed to authenticate them and they are subject to the default rule?

The Admin staff who is failing to access the WebAdmin console generates the following in the 'User Authentication Daemon' log:

aua[23013]: id="3006" severity="info" sys="System" sub="auth" name="Unknown user %username removed%"

aua[23013]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="IP address" host="" user="%username removed%" caller="webadmin" reason="DENIED"


Through any of the other proxies they are fine.

I have done the following:

1. Flushed the Auth cache.
2. Brought the problematic UTM up to the latest firmware. Rebooted of course.
3. Dropped it from the domain and rejoined it.
4. Compared and contrasted the config with other UTMs.

 

Can anyone point me in the right direction for troubleshooting this sort of issue before I get support involved?

 

Cheers

 

Geoff
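
An added example (not part of the original post, and not Sophos code): a small triage script for the two log patterns quoted above. It groups requests logged with empty user/group/ad_domain by client and collects the aua 3005/3006 failures, so the affected clients and accounts can be compared against the working UTMs. The sample lines are constructed; the `httpproxy` prefix, the `srcip` field on the proxy lines, and all IPs and usernames are assumptions.

```python
import re
from collections import Counter

# Constructed sample input. The aua lines follow the layout quoted in the post;
# the httpproxy prefix, srcip on proxy lines, IPs and usernames are assumptions.
SAMPLE_LOG = '''
httpproxy[5120]: srcip="10.0.0.21" user="" group="" ad_domain=""
httpproxy[5120]: srcip="10.0.0.21" user="" group="" ad_domain=""
httpproxy[5120]: srcip="10.0.0.35" user="jdoe" group="Staff" ad_domain="EXAMPLE"
aua[23013]: id="3006" severity="info" sys="System" sub="auth" name="Unknown user asmith"
aua[23013]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.0.0.21" host="" user="asmith" caller="webadmin" reason="DENIED"
'''

KV = re.compile(r'(\w+)="([^"]*)"')        # key="value" pairs
DAEMON = re.compile(r'^\s*(\w+)\[\d+\]:')  # e.g. aua[23013]:
UNKNOWN_PREFIX = "Unknown user "

def parse_line(line):
    """Return (daemon name or None, dict of key="value" fields)."""
    m = DAEMON.match(line)
    return (m.group(1) if m else None), dict(KV.findall(line))

def triage(log_text):
    """Summarise unauthenticated proxy requests and aua auth failures."""
    unauth, denied, unknown = Counter(), Counter(), set()
    for line in log_text.splitlines():
        daemon, f = parse_line(line)
        if daemon == "aua":
            name = f.get("name", "")
            if f.get("id") == "3006" and name.startswith(UNKNOWN_PREFIX):
                unknown.add(name[len(UNKNOWN_PREFIX):])
            elif f.get("id") == "3005" and f.get("reason") == "DENIED":
                key = (f.get("user", ""), f.get("caller", ""), f.get("srcip", ""))
                denied[key] += 1
        elif {"user", "group", "ad_domain"} <= f.keys():
            # All three empty: the request was not tied to any AD identity.
            if not (f["user"] or f["group"] or f["ad_domain"]):
                unauth[f.get("srcip", "?")] += 1
    return {"unauthenticated": dict(unauth),
            "denied": dict(denied),
            "unknown_users": unknown}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, data in result.items():
        print(section, data)
```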



This thread was automatically locked due to age.
  • What result do you see when using the test functions on the authentication server properties page?

    Do you have only one domain (per UTM) or do you have cross-domain considerations?

    Is the configured domain controller reachable from the problem device?

    Support is usually very good at troubleshooting well-defined problems like this.

  • Hi Geoff,

    Isn't this a question about Web Protection?  What happens if you configure as in Configuring HTTP/S proxy access with AD SSO?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Douglas,

    The test shows as successful.

    We have multiple domains but the other domains have very few users in them and these users are in the same domain as the UTMs.

    The DCs are accessible, as mentioned this is only a few people who exhibit this behaviour on this UTM.  The vast majority are working fine.

     

  • Hi Balfson,

    We have AD SSO configured and it is working fine for the vast majority of people.  It's only a few people who are having issues.

    All our UTMs are configured the same and the affected users work through the other ones but not this one which is geographically local to them and set via GPO.

     

    Geoff