Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 26 subscribers
  • Views 6899 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD SSO – intermittent authentication failures

Kent Lee

I have intermittent authentication failure where user are prompt with captive portal to login.

All the user have been configure to authenticate using AD SSO.

Example user A were able to use SSO today and they shutdown their PC after office hour and tomorrow when the user login it might show captive portal. This issue is intermittent and I am not sure what is wrong. I have try to upgrade to the latest firmware which is as below:

XG115 (SFOS 17.0.8 MR-8)

 

In sophos GUI login (live user show the status below). FYI this is the same user A and happen intermittent.

Successfully use SSO = Client type STAS

Failed to use SSO = Client type Web Client

 

Also out of 27 user 2 to 3 user show this symptom and  it effect random user.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Kent,

    In such events, you need to verify if a security event log for the event ID 672 (Windows 2003) or 4768 (Windows 2008 and above) is generated in the AD for the user login attempt. If the event is generated, check the access_server.log in the XG firewall to verify the reason for User authentication failure. Refer to, the following KB articles to understand,

    1. How STAS works?
    2. Where to find the log file information in XG?

    Thanks,

  • 0 in reply to sachingurung

    Hi Sachingurung,

     

    For this we take an example of an user that have this issue which name "chunyl". In live user we can see that the user using web login instead of STAS.

     

    Upon check on AD for the kerberos event 4768 does register the user and in the sophos log also do show the user successfully login to AD.

     

    Sophos log show the user successful and user still not shown on live user and being force to user web login. 

    Can anyone shed some light on what is going on?

  • 0 in reply to Kent Lee

    Hi Kent,

    Can you send me access_server.log via PM? I need to verify if XG receives the authentication request for this user in between 08:55-09:05. Also, is STAS working with multiple DCs?

    Also, please confirm if there is a time difference between:

    1. User and the DC  

    2. DC and XG firewall 

    is not more than 5 minutes.

    Thanks,

  • 0 in reply to sachingurung

    Hi Sachingurung,

     

    Noted. STAS only setup on a single AD no multiple DC setup involve.

Reply Children