
[Bug?] Sophos UTM forgets Bind DN password

Hello. I have the strangest problem with our UTM (9.408-4): it does not save the password to bind to LDAP. If I enter the right password and test, everything is fine; but if I save and come back, I get the message "Error: Server exists and accepts connections, but bind to ldap://1.2.3.4:389 failed with this BindDN and password."

I can reenter the password and it will work again, but not after saving. As I have about 20 server entries, this is very annoying whenever I need to test VPN authentication. Quid?


Edit: This does not happen on my older Sophos UTMs (9.407-3), only on those updated to 9.408-4, so I am assuming this is a bug in the latest build.



  • @Oliver: You can try with Bind DN as administrator@blue.local instead of CN=BLUE,DC=BLUE,DC=LOCAL

    -Asad

  • CORRECTION

    @Oliver: You can try with Bind DN as administrator@blue.local instead of CN=ADMINISTRATOR,DC=BLUE,DC=LOCAL

    -Asad

  • Hi, Asad, and welcome to the UTM Community!  Nice to have another participant from Sophos.

    Interesting - do we know when this was added, or has it always worked?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    Actually it always worked. In case your connectivity test is failing with CN=A,DC=B and DC=C, you can go to Windows PowerShell on the domain controller and run the command as  C:\Users\Administrator> dsquery user

    It will show you correct bind DN for each user and you can simply copy and paste the Bind DN into UTM for the required user and it works fine. 

    However you can also go with second approach as abc@xyz.local

    -Asad

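    As an added example (not posted by Asad or Sophos), the following PowerShell script does the two things described above from a domain-joined Windows host: it pulls the exact Bind DN for an account with dsquery and then tests a simple LDAP bind with both the DN and the UPN form, so the credentials can be verified independently of the UTM. It assumes the server address 1.2.3.4 and domain blue.local from this thread and the built-in administrator account.

```powershell
# Added example, not from the thread. Assumes a domain-joined Windows host,
# the LDAP server 1.2.3.4 and the domain blue.local as used in this discussion.
param(
    [string]$Server  = '1.2.3.4',
    [string]$SamName = 'administrator',
    [string]$Upn     = 'administrator@blue.local'
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

# dsquery prints the DN in double quotes; strip them so the value can be pasted
# straight into the UTM Bind DN field.
$dn = (dsquery user -samid $SamName | Select-Object -First 1).Trim('"')
if (-not $dn) { throw "No user with sAMAccountName '$SamName' found" }
Write-Host "Bind DN from dsquery: $dn"

function Test-LdapBind {
    param([string]$Server, [string]$Identity, [securestring]$Password)
    # Simple bind over ldap://:389, the same mechanism the UTM error message refers to.
    # Note: a simple bind sends the password in the clear unless LDAPS/StartTLS is used.
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection("$Server`:389")
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.SessionOptions.ProtocolVersion = 3
    $cred = New-Object System.Net.NetworkCredential($Identity, $Password)
    try {
        $conn.Bind($cred)
        return $true
    } catch [System.DirectoryServices.Protocols.LdapException] {
        Write-Warning "Bind as '$Identity' failed: $($_.Exception.Message)"
        return $false
    } finally {
        $conn.Dispose()
    }
}

# Prompt once, then try the DN form and the UPN form with the same password.
$pw = Read-Host -AsSecureString -Prompt "Password for $SamName"
foreach ($id in @($dn, $Upn)) {
    $ok = Test-LdapBind -Server $Server -Identity $id -Password $pw
    Write-Host ("{0,-5} {1}" -f $(if ($ok) { 'OK' } else { 'FAIL' }), $id)
}
```

    If both forms bind successfully here but the UTM still reports a failed bind after saving, the problem lies in what the UTM stored rather than in the account.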

  • Thanks, Asad - in fact, the dsquery is used in my KnowledgeBase article Configuring HTTP/S proxy access with AD SSO.

    Cheers - Bob

  • I know this is an old thread now, but I am experiencing exactly the same behaviour in release 9.605-1. Wonder if there has been a regression in a later release? I have tried deleting and re-entering the entire server entry. When I initially enter the username and password and click test, I get a successful connection, but once I click save and then go back into it and click test, I get "unable to bind with this username or password". It's frustrating as I am trying to troubleshoot SSO and HTTPS proxy and I am unsure whether the AD backend is actually working correctly or not.

  • Hi Kevin and welcome to the UTM Community!

    When checking a user doesn't work, try the following as root at the command line:

    cc get_objects authentication adirectory |grep bind_pw

    That will show you in clear text what the UTM thinks is the password.  Is it correct?

    Cheers - Bob

  • Yes, it is correct. And the AD server queries are working, from checking the logs. It's just confusing when troubleshooting an issue to have it tell you that the credentials are invalid when they are not.

  • It sounds like you should get a case open with Sophos Support.

    The next time you get an invalid response, please post a picture of what you see including the Server definition.

    Cheers - Bob
