This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Active Directory Authentication is not working

Hi Community,

i have a problem with one of our customers setups, they're running a windows server 2012 Domain controller and i'm trying to connect the sophos utm 9.716 to it, however it always says failed to bind with this dn and password, server exists and accepts connections.

Then i take a look at the event viewer on the domain controller and it says account logged off, logon type 3, i already tried every thinkable combination and the account is also being recognised by the active directory. So now i'm thinking where could be the problem, is it a server problem or a sophos problem since every other client and account seems to be working in the environment.

I'm also thinking perhaps a reboot of ether the sophos of the server might fix it ?

Greetings,

George

This thread was automatically locked due to age.

Top Replies

Vivek Jagad over 1 year ago +1 suggested

Hello Georg Zoeller , Thank you for reaching out to the community, Event Id 4634 logon type 3 means that the user or computer logged on to this computer from the network . The user or computer accesses…

Parents

0 admin888 over 1 year ago

I don't know how it is with Windows Server 2012 but we had to switch from port 389 to 636 in 2020 because Microsoft started enforcing LDAPS (we use Windows Server 2019). These are our settings on the UTM now:

If you use recipient verification in the SMTP proxy you also have to change a config file in the UTM via SSH: www.frankysweb.de/.../
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 admin888 over 1 year ago

I don't know how it is with Windows Server 2012 but we had to switch from port 389 to 636 in 2020 because Microsoft started enforcing LDAPS (we use Windows Server 2019). These are our settings on the UTM now:

If you use recipient verification in the SMTP proxy you also have to change a config file in the UTM via SSH: www.frankysweb.de/.../
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Georg Zoeller over 1 year ago in reply to admin888

Hi, no server 2012 uses regualr ldap, already tried it in a lab, i'm pretty sure that it's problem related to the antivirus solution at the customer.
Cancel
Vote Up 0 Vote Down

Cancel
0 Alan Brand over 1 year ago in reply to Georg Zoeller

Are you aware oft the recent domain join hardening changes introduced by microsoft?

See KB5020276 and note the modified timeline, especially the depreciation of NetJoinLegacyAccountReuse after Aug 10 2023.
Cancel
Vote Up 0 Vote Down

Cancel
0 Georg Zoeller over 1 year ago in reply to Alan Brand

I have already recreated the exact sitation in a lab, the newest patches were installed on my machine, it was working witthout a problem
Cancel
Vote Up 0 Vote Down

Cancel
0 Georg Zoeller over 1 year ago in reply to Georg Zoeller

i also just tried to domain join the sophos to the active directoy, it's now saying it was successfully joine to the domain, however the surprising this is that the authentication server is still staying failed to bind to ldap
Cancel
Vote Up 0 Vote Down

Cancel
0 Georg Zoeller over 1 year ago in reply to Georg Zoeller

And the logon type is 4672 in the event viewer for the domain join of the sophos
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to Georg Zoeller

Hey Georg Zoeller refer - Troubleshoot issues when joining the UTM to an Active Directory domain.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to Georg Zoeller

Hey Georg Zoeller - Event ID 4672 – Special Privileges Assigned To New Logon.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Georg Zoeller over 1 year ago in reply to Vivek Jagad

I mean i dont quite think it's a problem with adding the sophos to the domain, i mean it now says it's joined to the domain, however the authentication services is still not working
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to Georg Zoeller
UTM 9 uses aua as the authentication service, enable extended authentication debug output:

Access the UTM backend via console or SSH.

Login as root.

To enable debugging, enter command: killall -USR2 aua.bin

To disable it, enter the command again.

When extended debugging is enabled, more information regarding authentication requests will be logged to /var/log/aua.log. Note: this does not include AD SSO authentication requests.

And is the UTM on the latest version 9.716 ? Check the release notes.
Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel