Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 17 replies
  • Subscribers 11 subscribers
  • Views 29304 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.502 Update causes Internet users cannot authenticate with active directory

Chuckak

SG-230 firewalls in HA configuration.  After upgrade to 9.502 users were unable to access the internet.  Kept prompting users for credentials.  Testing websites and users in the Policy Test page showed as working fine but it isn't.

Rejoined the firewall to the domain seems to have fixed it - for now.



This thread was automatically locked due to age.
Parents
  • 0

    I can confirm, that https-request with AD-Auth still failing with 9.502, http-request are working correctly with AD-Auth

    Proxy runs in standard mode with AD-Auth.

    Tried SSO re-join (+deleting of Sophos AD-Object), Rebooting and also using older UTM Backupfile...

     

    Sophos support case is open...

     

    regards

  • 0 in reply to SWeissflog

    For anyone still experiencing problems with AD SSO on 9.502 can you check your internal DNS servers for the A records relating to the UTM hostname. If there are multiple entries present here (corresponding to the different interfaces on the UTM) remove the entries that do not match the interface that the AD SSO clients are connecting to (typically the LAN interface).

    Flush DNS on the client machines and retest authentication.

     

    If this helps then can you drop me a private message to confirm?

     

    Thanks

  • 0 in reply to GregH

    Yes there were multiple DNS-A-Records for UTM but cleaning this entries did not solve the problem...(just left the DNS entry with internal ip)

    https-sites still not working with AD-Auth in proxy standard mode with UTM 9.502 here (at 2 customer sites)

    http-sites are working fine

     

    regards

  • 0 in reply to SWeissflog

    Thanks SWeissflog

    Just out if interest, do these client machines use any kind of local web control on the endpoint?

  • 0 in reply to SWeissflog

    I am running in transparent mode and never could get HTTPS to authenticate smoothly for the clients, I gave up on it.  I let it pass.

    Still authenticating fine since I rejoined the domain. - Just put in the same credentials and did not restart anything.

    I am running Kaspersky on the clients which has web filtering.

  • 0 in reply to Chuckak

    Your problem seems to be an other (well known) problem...

    When using transparent mode with AD authentication the initial reqest of a client must be a http-request! So if there is no authentication cache for the user/client on the UTM the client/user will receive an authentication pop-up...this often happens after reebooting/updating a single UTM... 

    https://community.sophos.com/kb/en-us/120791#Limitations

     

Reply Children
No Data
Unfiltered HTML