
Unable to re-add previously deleted user

Hi Folks,


One of our users was experiencing a problem with logging in at the UTM User Portal - this despite changing their AD password and confirming that the password was correctly entered.

As a result, at the UTM 9 admin console I deleted a user account (not from AD). At AD, I temporarily removed and re-added the user to the required group. However, it has been over 4 hours, and the user account has not been re-added to the Sophos UTM.

Where do I go to find the sync interval with AD?  Also, is there a way to force the UTM to sync with AD to pull back in the previously deleted account?

Thanks,

- Jana



This thread was automatically locked due to age.
  • Hi, Jana, and welcome to the UTM Community!

    At the bottom of the 'Advanced' tab in 'Definitions & Users >> Authentication Services', you can configure this and sync users at any time.  Check #6 in Rulz to see when you don't need to sync users.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob.  


    I was also working with Sophos Support who advised of the same.  However the sync did not work.

    Instead, I added the user's group to the Prefetch User Directory list, and performed a prefetch.  This then pulled the user account back in - created a few, and updated the accounts of all other VPN users.

    Since then, several users reported that they were unable to connect to VPN.  To fix that issue, we reset their OTP tokens.

    I'm not sure if this is a direct result of the prefetch that was done yesterday.  Do you know if the prefetch would cause this issue?

  • If you delete a Local user and replace the user with a Remotely Authenticated user, and the person uses a Remote Access method based on an X509 cert, the person will need to install the certificate associated with the new user.

    Note that Prefetch will fail if there is an identical name or email address for a Local user object.

    Cheers - Bob

     
  • Hi Bob,

    It wasn't a local user, but one that was previously added via an AD Sync.

    Running the Sync Now option did not receive the account.

    Instead, the prefetch pulled the account back in.  But it seems to also result in other users not being able to connect to VPN until we reset their OTP tokens.    

    Did not realise that the prefetch would result in this behaviour though.

  • That shouldn't happen with prefetch, Jana.  You should document this first with lines from the prefetch log.  If you're not good at the command line, I would just get a ticket open with Sophos Support and let them figure out if you have a broken configuration or broken firmware.  I'm not aware of any bug that might cause this strange behavior.

    Cheers - Bob

     
  • Thanks Bob.  I did have a ticket open with Sophos support on this, and the tech confirmed that the behaviour was a result of the prefetch action.

    In addition to the workaround of resetting the token of affected users, we also extended the sync interval.  We haven't had any other reports on the issue.

    Thanks for your time and suggestions.