Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 5619 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Wireless - Sign into XXX?

Louis-M

Just wondering whether anybody has had this issue before?

Users are on X LAN that use AD authentication for web filtering. I've no doubt that they probably lock their pc and go to meetings etc

They have an android phone and log onto the same network via radius. Almost immediately after authenticating, a pop up page appears asking them to login and our Sophos block page shows.

Now if I disable their mobile data and just have the wireless enabled on the phone, there is no issue. Having both enabled at the same time results in this issue.

Naturally we want both enabled so the user can use mobile data when outside the wireless network.



This thread was automatically locked due to age.
Parents
  • 0

    I don't understand how they authenticate into the wireless network with mobile data, Louis.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    they are authenticated via M$ radius using PEAP. Not using Sophos for wireless here. Strnage thing is, it throws up a login page "Please sign into <SSID>" but there are no captive portals etc and it's definately the Sophos UTM page that is showing up. To be honest, I've not looked into it too deeply ie examined the logs etc as it happens but was just putting out the feelers to see if anybody else had experienced this.

Reply
  • 0 in reply to BAlfson

    Hi Bob,

    they are authenticated via M$ radius using PEAP. Not using Sophos for wireless here. Strnage thing is, it throws up a login page "Please sign into <SSID>" but there are no captive portals etc and it's definately the Sophos UTM page that is showing up. To be honest, I've not looked into it too deeply ie examined the logs etc as it happens but was just putting out the feelers to see if anybody else had experienced this.

Children
  • 0 in reply to Louis-M

    Very, very strange. Looked at log today:

    2018:03:26-10:55:58 gw01-2 httpproxy[6357]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.2.12.106" dstip="" user="USERXXX" group="" ad_domain="DOMAINXXX" statuscode="403" cached="0" profile="REF_HttProContaInterLan2 (XXXX LAN 2 Filter Profile)" filteraction=" ()" size="2498" request="0xcac74000" url="http://gw01/favicon.ico" referer="gw01/auth error="Forbidden" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="435355" device="5" auth="2" ua="Mozilla/5.0 (Linux; Android 8.0.0; Build/OPR1.170623.032; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/65.0.3325.109 Mobile Safari/537.36" exceptions=""

    USERXXX was my phone (10.1.12.106) but I'm not that user (this is another user on the same domain). Cleared the cache/data etc on the phone. Forgot the connection etc but for some reason, my phone keeps registering as that user???

  • 0 in reply to Louis-M

    It sounds like this is a problem between your wireless and your M$ server, Louis.  I don't think there's anything to do in the UTM other than to confirm that wireless auth is screwed up somehow.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML