Webadmin: Active Directory Protected Users no login

I can't log in to WebAdmin with an AD account that is a member of Active Directory Protected Users.
Does anybody know what restriction is preventing that? I'm a little unsure if that is normal behavior or not.

Best regards

Alex

  • FormerMember

    Hi Alexander Busch,

    If that AD user is allowed under WebAdmin Access Configuration, it should work. Please verify that you have that user allowed under Management > WebAdmin Settings > WebAdmin Access Configuration.

    Thanks,

     

  • Hi H_Patel,

    Thanks for your answer. Unfortunately, I can't log in whether the user is explicitly listed or included via group membership. What's suspicious is that this user can't be validated via the test function at the AD auth server. All other "normal" users are working fine.
    On the DC I just got the log that NTLM auth was denied, which is normal because this is a protected user (http://go.microsoft.com/fwlink/?LinkId=298939).
    So does anyone use AD protected users to log in to the UTM, or is that a problem with my setup? vSphere Client, for example, handles the login of that protected user without a problem.

    Best regards

    Alex

    -
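One way to confirm on a domain controller the situation described in the post above: that the account is in Protected Users and that the DC is rejecting NTLM for it. This is an added example, not part of the original thread. The account name `alex.admin` is a placeholder, and the script assumes the ActiveDirectory PowerShell module is available and is run on a DC with rights to read the event log.

```powershell
# Added example, not from the thread. 'alex.admin' is a placeholder account name.
Import-Module ActiveDirectory

$sam = 'alex.admin'   # placeholder: the account that fails to log in to WebAdmin

# 1. Is the account a direct or nested member of the Protected Users group?
$user = Get-ADUser -Identity $sam
$isProtected = [bool](Get-ADGroupMember -Identity 'Protected Users' -Recursive |
    Where-Object { $_.SID -eq $user.SID })
"{0} is a member of Protected Users: {1}" -f $sam, $isProtected

# 2. Protected Users failures are written to a dedicated operational log on the DC.
#    The log is disabled by default, so check that first.
$log = 'Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController'
$logInfo = Get-WinEvent -ListLog $log -ErrorAction SilentlyContinue

if (-not $logInfo) {
    Write-Warning "Log '$log' not found; run this on a domain controller."
}
elseif (-not $logInfo.IsEnabled) {
    # Enabling it is a change to the DC, so it is left as a manual step:
    #   wevtutil sl "$log" /e:true
    Write-Warning "Log '$log' is disabled; enable it and reproduce the failed login."
}
else {
    # Event ID 100: NTLM sign-in failure for a Protected Users member.
    # Event ID 104: DES or RC4 was used for Kerberos and the sign-in failed.
    $filter = @{
        LogName   = $log
        Id        = 100, 104
        StartTime = (Get-Date).AddHours(-24)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated -Descending |
        Select-Object -First 20 TimeCreated, Id, Message |
        Format-List
}
```

If event 100 appears at the time of a failed WebAdmin login or of the AD auth server test, the client presented NTLM for that account, which the DC refuses for Protected Users members.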

  • Hallo Alex,

    Thanks for posting about this.  It makes sense now.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thank you for reading that. So just to be sure, have you ever tried to use a protected user to log in to the UTM?

    Does everyone here use a dedicated account for managing the UTM? Or your customers? Or does nobody use this protected users function? To be honest, until now I haven’t used it myself.

    Best regards 

    Alex 

    -

  • No, Alex, I never tried that.  In fact, you've just taught me something that didn't exist when I learned Windows Server and AD on Server 2003!  Today, I know enough to analyze problems related to the UTM but not enough to do any initial configurations of Windows Server.

    In every case, my account for accessing a client's UTM is a Local one in WebAdmin.  I recommend to my clients that they use AD-authenticated clients for accessing WebAdmin, but that only the UTM administrator and his/her manager know the password for the Local "admin" account which is to be used only when AD is down.  I always use an RSA key with PuTTY to access the command line and never know the loginuser or root password for any of my clients.

    Cheers - Bob
