This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Bug?] Sophos UTM forgets Bind DN password

Hello. I have the strangest problem with our UTM (9.408-4): it does not save the password to bind to LDAP. If I enter the right password and test, everything is fine; but if I save and come back, I get the message "Error: Server exists and accepts connections, but bind to ldap://1.2.3.4:389 failed with this BindDN and password."

I can reenter the password and it will work again, but not after saving. As I have about 20 server entries, this is very annoying whenever I need to test VPN authentication. Quid?

 

Edit: This does not happen on my older Sophos UTMs (9.407-3), only on those updated to 9.408-4, so I am assuming this is a bug in the latest build.



This thread was automatically locked due to age.
Parents
  • I know this is an old thread now but I am experiencing exactly the same behaviour in release 9.605-1  Wonder if there has been a regression in a later release?  I have tried deleting and re-entering the entire server entry.  When I initially enter the username and password and click test, I get a successful connection but once I click save and then go back into it and click test, I get unable to bind with this username or password.  Its frustrating as I am trying to troubleshoot SSO and HTTPS proxy and I am unsure whether the AD backend is actually working correctly or not.  

  • Hi Kevin and welcome to the UTM Community!

    When checking a user doesn't work, try the following as root at the command line:

    cc get_objects authentication adirectory |grep bind_pw

    That will show you in clear text what the UTM thinks is the password.  Is it correct?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes it is correct.  And the AD server queries are working from checking the logs.  Its just confusing when troubleshooting an issue to have it tell you that the credentials are invalid when they are not.

  • It sounds like you should get a case open with Sophos Support.

    The next time you get an invalid response, please post a picture of what you see including the Server definition.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • It sounds like you should get a case open with Sophos Support.

    The next time you get an invalid response, please post a picture of what you see including the Server definition.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data