Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 2016 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SSO Client for windows - local user account vs domain user account login question

MurMan

 Hi all,

 

About using Sophos SSO client auth with AD (without STAS), I have a question as below.

Example environment:  local user account : suser03, domain user account : suser03@abc.com.

If I use domain user account: suser03@abc.com to login pc and run SSO client, it will show suser03@abc.com in XG Firewall - Live users and control by relative policy. I think it is normal. 

But, if I use local user account: .\suser03 login the same PC and run SSO client. it also shows suser03@abc.com in XG Firewall - Live users and also control by relative policy as well. I think it is abnormal.

Do you have any idea in this situation?

Many thanks

 

 

 

 



This thread was automatically locked due to age.
  • 0

    Hi,

    This is normal.

    Basically the Client sends only "Username" without any domain etc. 

    XG (Access_server) will go through all authentication servers (which are selected for authentication), and uses the correct domain, which you are define in authentication server. 

     

    This is how the "multi domain" support is implemented. 

    Give XG two different Domains: x.com and y.net 

    You came with MRX to XG. It will check with mrx.y.net to y.net server, gets a denied and go to x.com server with mrx.x.com and gets a successful. 

  • 0 in reply to LuCar Toni

    Hi LuCar Toni,

     

    Many Thanks