WAF reverse AD auth - domain\user turns into domain\\user

Dear Sophos community,
we are currently setting up WAF to work with our Exchange services. Exchange version is 2007 at the moment, we plan to migrate to 2016 next year.

All our Windows Outlook users authenticate with DOMAIN\user, which works fine as long as we don't reverse authenticate with WAF. As soon as WAF handles the authentication, we see a "double \\" in DOMAIN\\user in the log and failed authentications.

We found some approaches to work around this issue, but none of them is what we really want. RADIUS for example is not an option, as we do not have redundant RADIUS servers yet.

We also did find a reference in Mantis to an old issue that was reportedly fixed in version 9.201. However, we are on version 9.402-7...

Is there any news on that issue? We would prefer to stick to AD authentication and the user format DOMAIN\user if possible.

Thanks and best regards
Sascha



  • Hello, hope you are well.

    I also see this problem. The help file within UTM 9 says that you can add a prefix or suffix so that if the user just logs in as, say, "firstname.lastname", then the UTM will add the domain prefix or suffix automatically. The example it describes is with the suffix, and that if a user logs in with a suffix the UTM will ignore appending it. I assumed it would be the same with the prefix.

    I don't know how the UTM would handle it if you configure both, but I would like this to work for my setup, as at the moment we will need to educate users on the way to log on.

    Regards,

    Dave
