Question: STAS User Object without IP

Hi there,

I just activated STAS and get the following info in the log:

2016:02:17-17:24:17 firewall argos[23997]: [stas_event]: Received STAS package
2016:02:17-17:24:17 firewall argos[23997]: [stas_event]: Read 249 bytes from IP 1.1.1.1:49544
2016:02:17-17:24:17 firewall argos[23997]: [process_stas_request]: Processing STAS request TRANSPARENT_SSO_LOGON
2016:02:17-17:24:17 firewall argos[23997]: [handle_transparent_sso_request]: Received login sso request: username robert, ip_address 10.10.10.12, domain_name my domain

But the user object "robert" is still without an IP address, why? :)

Regards

Robert

  • Hi Robert,

    We use ipsets to store the IP address of a user. Here is an example:

    I authenticated a user and created a packetfilter rule for a user:
    qa-320-c4:/root # iptables-save |grep 4_
    -A USR_FORWARD -m set --match-set 4_NetAaaAduseUserNetwo src -m logmark --logmark 1 -j LOGACCEPT

    There you can see the name of the ipset with the IP address:
    qa-320-c4:/root # ipset -L 4_NetAaaAduseUserNetwo
    Name: 4_NetAaaAduseUserNetwo
    Type: hash:ip
    Revision: 0
    Header: family inet hashsize 4 maxelem 65536
    Size in memory: 200
    References: 1
    Members:
    10.8.63.118

    The user / user network objects don't contain the IP addresses for performance reasons. It's the same as with the SAA.
    I hope this answer is helpful. :)

    /Daniel

    Windows has detected you do not have a keyboard. Press 'F9" to continue.
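
The check described in the reply above, as an added example that is not part of the original thread: it pulls the IP from STAS logon lines in the argos log and tests whether that IP is a member of an ipset listing. The function names are hypothetical, the sample input is constructed from the lines quoted in this thread, and the log and listing formats are assumed to match them.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample input, modelled on the log lines and ipset listing quoted above.
SAMPLE_LOG='2016:02:17-17:24:17 firewall argos[23997]: [process_stas_request]: Processing STAS request TRANSPARENT_SSO_LOGON
2016:02:17-17:24:17 firewall argos[23997]: [handle_transparent_sso_request]: Received login sso request: username robert, ip_address 10.10.10.12, domain_name my domain'
SAMPLE_IPSET='Name: 4_NetAaaAduseUserNetwo
Type: hash:ip
References: 1
Members:
10.8.63.118'

# Print "IP USERNAME" for every STAS logon request in the log text on stdin.
stas_logons() {
    sed -n 's/.*\[handle_transparent_sso_request]: Received login sso request: username \([^,]*\), ip_address \([0-9.]*\),.*/\2 \1/p'
}

# Print the member addresses from an `ipset -L <name>` listing on stdin.
ipset_members() {
    awk '$1 == "Members:" { m = 1; next } $1 == "Name:" { m = 0 } m && NF { print $1 }'
}

# stas_check LOG_TEXT IPSET_LISTING: report per logon whether the IP is in the set.
stas_check() {
    members=$(printf '%s\n' "$2" | ipset_members)
    printf '%s\n' "$1" | stas_logons | while read -r ip user; do
        if printf '%s\n' "$members" | grep -qxF -- "$ip"; then
            echo "IN_SET $user $ip"
        else
            echo "MISSING $user $ip"
        fi
    done
}

# Demo on the constructed samples. On a live system, pass the argos log text
# and the output of `ipset -L <set name from iptables-save>` instead.
stas_check "$SAMPLE_LOG" "$SAMPLE_IPSET"
```

A MISSING result for the sample is expected here, because the log line and the ipset listing in this thread come from two different systems.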

  • Daniel, it's fine to analyze with iptables, but please summarize in WebAdmin-speak if it turns out that this was not a bug and that Robert misunderstood something about configuring or using STAS.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA