Trusted domains - we proxy AD SSO not pulling through group

Hi there,

We are running a UTM 9.7 and have AD SSO enabled and are using web proxy (protection).

The UTM is joined to domain A, but we wish to serve web proxy requests from domain B as well. There is a fully functional two way trusted domain & forest.

We have this exact scenario working on another UTM HA pair, so I know it works.

However, on the particular UTM HA pair in question, for domain A, it serves the requests fine, in the live log I can see user, group and domain pulling through.

When serving requests from domain B, it only seems to pull user and domain, not group.

(i.e. log looks a bit like this - user="testuser" group="" ad_domain="DOM-B")

The group exists and is part of a policy rule.

As I say, the (in theory) exact same setup works on another pair of UTMs, but not this one.

The odd part is that it used to work, because I have screenshots of the logs previously working and definitely pulling through the group, but it has stopped pulling the group.

What am I missing?

Thanks

Chris
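A small check that goes with the symptom described in the post: a policy rule keyed on an AD group silently stops matching when the proxy logs `group=""` for authenticated users, so it is worth flagging per domain rather than noticing it by eye in the live log. The script below is an added example, not code from the thread or from Sophos; the sample log lines are constructed (only `user`, `group` and `ad_domain` are taken from the post, the other keys are made up for illustration), and the function names are my own.

```python
import re
from collections import defaultdict

# UTM web proxy live log lines are space-separated key="value" pairs.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines, not real UTM output. Only user/group/ad_domain
# follow the format quoted in the post; action and url are illustrative.
SAMPLE_LOG = """\
httpproxy: action="pass" user="alice" group="WebUsers" ad_domain="DOM-A" url="https://example.com/"
httpproxy: action="pass" user="bob" group="WebUsers" ad_domain="DOM-A" url="https://example.net/"
httpproxy: action="pass" user="testuser" group="" ad_domain="DOM-B" url="https://example.org/"
httpproxy: action="pass" user="carol" group="" ad_domain="DOM-B" url="https://example.com/x"
httpproxy: action="pass" user="" group="" ad_domain="" url="https://example.com/anon"
"""


def parse_line(line):
    """Turn one key="value" log line into a dict of its fields."""
    return dict(KV_RE.findall(line))


def group_resolution_stats(text):
    """Per AD domain: (authenticated requests, requests with an empty group).

    Unauthenticated requests (empty user) are skipped, since no group
    lookup is expected for them.
    """
    stats = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        fields = parse_line(line)
        if not fields.get("user"):
            continue
        domain = fields.get("ad_domain") or "<none>"
        stats[domain][0] += 1
        if not fields.get("group"):
            stats[domain][1] += 1
    return {domain: tuple(counts) for domain, counts in stats.items()}


def domains_with_failed_group_lookup(text, threshold=1.0):
    """Domains where at least `threshold` of authenticated requests have no group.

    With the default threshold of 1.0 a domain is reported only when every
    authenticated request from it lacks a group, which is the pattern in the
    post (domain A fine, domain B consistently empty).
    """
    stats = group_resolution_stats(text)
    return sorted(
        domain
        for domain, (total, empty) in stats.items()
        if total and empty / total >= threshold
    )


if __name__ == "__main__":
    for domain, (total, empty) in sorted(group_resolution_stats(SAMPLE_LOG).items()):
        print(f"{domain}: {empty}/{total} authenticated requests with empty group")
    print("group lookup failing for:", domains_with_failed_group_lookup(SAMPLE_LOG))
```

Running it over the constructed sample reports DOM-A with 0 of 2 empty and DOM-B with 2 of 2 empty, so DOM-B is the one to investigate. On a real box the same functions can be fed the proxy log instead of `SAMPLE_LOG`; a domain that shows up here while its users still get the expected policy is worth re-checking, because a group-based rule cannot match on an empty group.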

  • Hi Chris and welcome to the UTM Community!

    This is almost certainly in the trust relationship.  What does someone else see in comparing the two situations?

    Are you running both sets of UTMs in Transparent or Standard mode?  If Standard, please show us the PAC files used in both locations.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical or just in the same subnet.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA