
Authentication issue with Firefox using AD-SSO

Hi,

I have an SG310 with UTM 9.351-3, with the AD portal set up, importing the users from the AD into Sophos every night, and default authentication AD-SSO.

Followed https://community.sophos.com/kb/en-US/120791 for the setup; no problems with Chrome and IE, but having an issue with Firefox.

When opening Firefox without running any other browser, trying to open Google.com, for example, brings up the pop-up window asking for authentication (the value network.automatic-ntlm-auth.trusted-uris has been set).

When opening Firefox with Chrome running at the same time, there is no pop-up message.

Many thanks,

Abdullah



  • Hi Abdullah,

    Feedback from a customer was to create an On Logon script via Group policy that would distribute the following:

    Create the file local-settings.js with the following:

    pref("general.config.filename", "mozilla.cfg");
    pref("general.config.obscure_value", 0); // use this to disable the byte-shift

    Create the file mozilla.cfg with the following:

    //
    lockPref("network.automatic-ntlm-auth.allow-non-fqdn", true);
    lockPref("network.negotiate-auth.allow-non-fqdn", true);

    The cfg file must have the // at the top of the file otherwise it’ll be ignored.

    The js file needs dropping into the Mozilla Firefox\defaults\pref directory (in our instance C:\Program Files (x86)\Mozilla Firefox\defaults\pref) and the cfg file needs dropping into the Mozilla root directory (in our instance C:\Program Files (x86)\Mozilla Firefox).

    There doesn’t appear to be a need to add:

    lockPref("network.automatic-ntlm-auth.trusted-uris", "


    Hopefully this helps. This allows you to do NTLM through Firefox which is disabled by default.

    Emile
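
The deployment steps from the reply above, written as an idempotent PowerShell script that also verifies the result; this is an added example, not code from the thread. It assumes the install path quoted in the reply and a context that can write to that directory (a standard user's logon script normally cannot write under Program Files).

```powershell
# Added example, not from the thread. Default path is the one quoted in the reply.
param([string]$FirefoxDir = 'C:\Program Files (x86)\Mozilla Firefox')
$ErrorActionPreference = 'Stop'

$prefDir = Join-Path $FirefoxDir 'defaults\pref'
$jsPath  = Join-Path $prefDir 'local-settings.js'
$cfgPath = Join-Path $FirefoxDir 'mozilla.cfg'
if (-not (Test-Path -LiteralPath $prefDir -PathType Container)) {
    throw "Firefox pref directory not found: $prefDir"
}

# File contents exactly as given in the reply.
$js = @(
    'pref("general.config.filename", "mozilla.cfg");'
    'pref("general.config.obscure_value", 0); // use this to disable the byte-shift'
)
$cfg = @(
    '//'
    'lockPref("network.automatic-ntlm-auth.allow-non-fqdn", true);'
    'lockPref("network.negotiate-auth.allow-non-fqdn", true);'
)

# Rewrite a file only when its content differs, so repeated runs are no-ops.
# ASCII encoding keeps a byte-order mark from preceding the leading // line.
function Write-IfChanged([string]$Path, [string[]]$Lines) {
    $current = if (Test-Path -LiteralPath $Path) { @(Get-Content -LiteralPath $Path) } else { @() }
    if (($current -join "`n") -eq ($Lines -join "`n")) { return $false }
    Set-Content -LiteralPath $Path -Value $Lines -Encoding Ascii
    return $true
}
$jsChanged  = Write-IfChanged $jsPath  $js
$cfgChanged = Write-IfChanged $cfgPath $cfg

# Verify what is on disk rather than trusting the write.
$first = Get-Content -LiteralPath $cfgPath -TotalCount 1
if ($first -ne '//') { throw "mozilla.cfg line 1 is '$first', expected '//'" }
$pointer = Select-String -LiteralPath $jsPath -Pattern '"general.config.filename", "mozilla.cfg"' -SimpleMatch
if (-not $pointer) { throw "local-settings.js does not point at mozilla.cfg" }

# Report which preferences are now locked, for review against policy.
[pscustomobject]@{
    FirefoxDir  = $FirefoxDir
    Changed     = ($jsChanged -or $cfgChanged)
    LockedPrefs = @(Select-String -LiteralPath $cfgPath -Pattern '^lockPref\("([^"]+)"' |
                    ForEach-Object { $_.Matches[0].Groups[1].Value })
}
```

Both locked preferences allow automatic NTLM/Negotiate authentication to hosts addressed by a name without dots, so the `LockedPrefs` output is worth checking against what the proxy setup actually needs.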
