Hi Sophos Community!
Incoming wall of text, you've been warned.
So, before the upgrade to 4.0.2.2 I had a single Web Appliance running AD authentication without any issues.
We've since added a Management Appliance and a Physical WS1100 and configured load balancing.
This works fine when AD authentication is not used. I went to switch on the AD authentication on Friday, and after completing it, every user was prompted to log on to the captive portal, which shouldn't be happening.
All firewalls are configured correctly as per the online guide, and if I use 'Auto Detect Advanced Settings' the verify works and I can switch on authentication, but the captive portal comes up every time.
So, I thought I'd not use auto-detect and configure the LDAP Base DN, which is where it gets interesting.
This is the LDAP path to the auth account (changed for posting):
CN=AuthAccount,OU=Service Accounts,OU=Users,OU=Office,DC=Domain,DC=Local
This is the LDAP path to where our users are stored:
OU=Users,OU=Office,DC=Domain,DC=Local
When I enter the above, verify fails on Testing LDAP.
However, if I enter the following into the base DN, it passes the tests but the captive portal appears again:
OU=Office,DC=Domain,DC=Local
It seems then, that the appliance has an issue with the Users OU and I can't figure out why.
The AuthAccount I'm using is a domain admin and I've given explicit full control permission to the Users OU for that account.
Any thoughts?
I should add: we use the appliance in transparent mode; a Linux router points HTTP and HTTPS to the Virtual I on the Management Appliance.
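A small check of the DN hierarchy behind the two Base DNs in the post, added here as an example and not code from the poster or from Sophos. It parses RFC 4514 DNs (honouring escaped commas), compares them case-insensitively the way a directory does, and reports whether each candidate Base DN is an ancestor of both the bind account and the user container; the misspelt candidate in the usage block is constructed to show how a wrong Base DN fails.

```python
# DNs quoted in the post (already anonymised by the poster)
AUTH_ACCOUNT_DN = "CN=AuthAccount,OU=Service Accounts,OU=Users,OU=Office,DC=Domain,DC=Local"
USERS_BASE_DN = "OU=Users,OU=Office,DC=Domain,DC=Local"
OFFICE_BASE_DN = "OU=Office,DC=Domain,DC=Local"

def split_dn(dn):
    """Split an RFC 4514 DN into its RDN strings, honouring backslash
    escapes so that '\\,' inside a value is not treated as a separator."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch); escaped = False
        elif ch == "\\":
            buf.append(ch); escaped = True
        elif ch == ",":
            rdns.append("".join(buf).strip()); buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf).strip())
    return rdns

def normalize_rdn(rdn):
    """Lower-case attribute type and value: DN matching in AD/LDAP is
    case-insensitive, so OU=Users and ou=users are the same RDN."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def is_under(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies anywhere beneath it.
    DNs read right to left: the last RDN is the root of the tree, so an
    entry is under a base when the base is a suffix of the entry."""
    entry = [normalize_rdn(r) for r in split_dn(entry_dn)]
    base = [normalize_rdn(r) for r in split_dn(base_dn)]
    if len(base) > len(entry):
        return False
    return entry[len(entry) - len(base):] == base

def check_base_dn(base_dn, auth_dn=AUTH_ACCOUNT_DN, users_dn=USERS_BASE_DN):
    """Report whether a candidate Base DN covers both the bind account and
    the user container; a search scoped to that base can only find entries
    beneath it."""
    return {"base": base_dn,
            "covers_auth_account": is_under(auth_dn, base_dn),
            "covers_users": is_under(users_dn, base_dn)}

if __name__ == "__main__":
    # Third candidate is a constructed typo (missing OU=Office) for contrast.
    for candidate in (USERS_BASE_DN, OFFICE_BASE_DN, "OU=Users,DC=Domain,DC=Local"):
        print(check_base_dn(candidate))
```

Both Base DNs from the post contain the bind account, so a failed "Testing LDAP" step on the narrower one points at search scope or permissions on that OU rather than at the DN text itself.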