
Issue with authentication: SSO transparent mode with AD does not authenticate with Sophos 9.409

Good day 

Problem with Sophos UTM 9409: when verifying the users, it does not find the users. We tried with different bind DNs and got the same problem. The server is Windows 2008 R2, and we also tried with Windows Server 2012 R2 and got the same problem. Attached are captures of the problem.

Bind DN:

CN=Administrador,CN=Users,DC=xx,DC=xx,DC=sv

 



This thread was automatically locked due to age.
  • Hey. Are you sure your bind DN is correct?

    CN=Administrador,CN=Users,DC=xx,DC=xx,DC=sv

    Is your administrator name correct? By default it's "Administrator" and not "Administrador".

     

    In the logfiles it looks good. Your AD bind works, but your authentication test failed because no group was found for this user.

    Please check under "Definitions and Users" on your UTM whether there is a group called "Active Directory users". If not, create a new one with type Backend Membership pointing to your AD server/s and repeat your test.

     

    Greetings


    Sophos Platinum Partner 
    Sophos Certified Architect
    (Certified UTM Architect / Certified XG Architect)

  • I have the same issue on 3 different environments with software version 9.409. On one installation I have activated STAS, but not on the other 2.

    Some weeks ago I changed a hardware cluster (a 4th environment) with software version 9.408, and I am not sure, but I guess that I don't get this failure there.

     

    Base DN is correct. The Bind DN test works fine. The problem occurs for both Active Directory servers.

    And under Definitions & Users a group exists called "AD-users" with Backend Membership.

     

  • I found some interesting points:

    I started sniffing and found that the password is invalid because the Sophos doesn't send a password:

     

    If I test the server settings, the password is sent and the LDAP request is successful. I opened a case, so let's wait.

  • Michael, is your Backend Group based on a manually-created Security Group containing only user accounts in Active Directory?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA