Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 910 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM / User Portal: Works about once per day (locally defined users, not AD)

FirstName LastName

I am able to authenticate about once per day on the user portal with one user on one computer.
If I do it again with another user's credentials, I get the rather meaningless "user/password wrong or policy blocking" - popup.
I do it again the next day, I get again one shot.

With about 50 users who I would like to advise to look into their spam reports online... that's a tiny bit of a complete road block.

Some part on the Sophos UTM seems to cache a part of the login configuration, and simply rejects anything but the first remoteIP:userLogin pair.

a) Is there a way to debug this behaviour, to validate my theory?
b) Is there a way to circumvent this behaviour, e.g. by adding an undocumented parameter that skips the cache? (?no_cache=1 does NOT help.)
c) Is there a way to fix this behaviour by means of a hidden configuration setting? (I don't mind logging in as root and set some obscure flag, as long as things work afterwards...)



This thread was automatically locked due to age.
  • 0

    Hallo and welcome to the UTM Community!

    I'm not seeing this behavior here or at any client site.  What do you see in the /var/log/aua.log related to such a failed authentication?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • +1

    Under Web Protection -> Filtering options -> Misc there is a caching section. 

    I don't know whether or not this could be the culprit, since I have always had this off. I don't think there's real benefit in having it on especially with high-bandwidth connections. If your's is on you can at least try to clear the cache or also disable to function and see if this changes things.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    Wow, spot on!
    Thanks a huge lot, apijnappels!

    I'd never have guessed that section to be related to this issue. (It's still quite puzzling, because the "cache ssl content" checkbox was unmarked, and we do use (self-signed) https - connections for the portal, so the cache shouldn't have interfered either way. But it did!)

Unfiltered HTML