
active directory authentication

Hi

Some of our AD users are not authenticating in SSL VPN and some get authenticated. The log viewer shows "incorrect password", but with the same password I am able to log in to my workstation PC.

Newly created users work fine.

Kindly help.



  • FormerMember

    Hi

    Thank you for reaching out to the Community!

    I would advise you to put the access_server process in debug, replicate the issue and provide the debug logs.

    Follow this KB Article to SSH into the XG firewall: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    Select Option 5 (Device Management) > Option 3 (Advance Shell)

    Run this command to put the access_server service in debug:

    • service access_server:debug -d -s nosync

    Once you have captured the access_server logs in debug, run the same command again to put the access_server service back into normal running mode.

    Run this command to check the service status:

    • service -S | grep access_server

    SFVUNL_VM01_SFOS 17.5.11 MR-11# service -S | grep access_server
    access_server RUNNING,DEBUG

    Please PM me the logs and user name. 

    Thanks,

  • FormerMember in reply to Rajiv SIngh

    Hi

    Thank you for providing the access_server logs in debug.

    I have replied to you through PM. Please update the thread if you have any follow-up questions.

    Thanks,

  • FormerMember in reply to Rajiv SIngh

    Hi

    Thank you for providing the access_server debug logs:

    "DEBUG May 05 19:40:15 [ADS_AUTH]: insert_escape_sequence: after inserting escape seq Username
    DEBUG May 05 19:40:15 [ADS_AUTH]: adsauth_bind: asynchronus bind msgid: '1'
    ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_bind: bind failed: Invalid credentials
    ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_authenticate_user: 'XX.XX.XX.XX:389': bind failed for User: 'DOMAIN\Username'
    ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_authenticate_user: ADS Authentication Failed for User:'Username'
    DEBUG May 05 19:40:15 [ADS_AUTH]: adsauth_parse_error_msg: message received from ldap server:"80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 531, v3839"
    ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_parse_error_msg: ad error no: 1329
    NOTICE May 05 19:40:15 [ADS_AUTH]: adsauth_handle_authrequest: ADS_AUTH: user authentication failed"

    As per the logs, it appears that the issue is related to the AD/user configuration, and you have resolved it by following these steps:

    Open Active Directory Users and Computers > View > click "Advanced Features" > open the user's properties; there is a tab "Attribute Editor" > scroll down the attributes. There is an attribute "userWorkstations"; if any value is set there, i.e. a workstation name, set it back to the default "<not set>".

    Thank you for providing the detailed steps through PM.

    Thanks,
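The key detail in the debug output above is the "data 531" sub-code inside the LDAP server's AcceptSecurityContext message, which the firewall then reports as "ad error no: 1329" (the same value in decimal: 0x531 = 1329). Sub-code 531 means the account is not permitted to log on from this workstation, which is exactly the userWorkstations restriction the fix removed; a genuine wrong password would instead show sub-code 52e. The following added example, which is not from the thread or from Sophos, parses access_server-style lines for the user, the hex sub-code and the decimal error number, checks that the two agree, and maps the sub-code to its meaning. The first record is the log quoted in the reply; the second is a constructed wrong-password failure for comparison. The regexes and the `parse_bind_failures` helper are assumptions for this example, not a Sophos API.

```python
import re

# Constructed sample: the first block is the access_server debug output quoted
# in the thread; the second block is a constructed wrong-password failure
# (sub-code 52e) so the two cases can be told apart.
SAMPLE_LOG = """\
DEBUG May 05 19:40:15 [ADS_AUTH]: adsauth_bind: asynchronus bind msgid: '1'
ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_bind: bind failed: Invalid credentials
ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_authenticate_user: 'XX.XX.XX.XX:389': bind failed for User: 'DOMAIN\\Username'
DEBUG May 05 19:40:15 [ADS_AUTH]: adsauth_parse_error_msg: message received from ldap server:"80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 531, v3839"
ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_parse_error_msg: ad error no: 1329
NOTICE May 05 19:40:15 [ADS_AUTH]: adsauth_handle_authrequest: ADS_AUTH: user authentication failed
ERROR May 05 19:41:02 [ADS_AUTH]: adsauth_bind: bind failed: Invalid credentials
ERROR May 05 19:41:02 [ADS_AUTH]: adsauth_authenticate_user: 'XX.XX.XX.XX:389': bind failed for User: 'DOMAIN\\OtherUser'
DEBUG May 05 19:41:02 [ADS_AUTH]: adsauth_parse_error_msg: message received from ldap server:"80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839"
ERROR May 05 19:41:02 [ADS_AUTH]: adsauth_parse_error_msg: ad error no: 1326
"""

# Windows AD sub-codes returned in the "data NNN" field of a failed LDAP bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time (logonHours restriction)",
    "531": "not permitted to log on from this workstation (userWorkstations restriction)",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

USER_RE = re.compile(r"bind failed for User: '([^']+)'")
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
ADERR_RE = re.compile(r"ad error no: (\d+)")


def parse_bind_failures(log_text):
    """Return one record per failed bind: user, hex sub-code, decimal error, meaning.

    A record starts at the 'bind failed for User' line; the following
    'data NNN' and 'ad error no' lines are attached to that record.
    """
    records = []
    current = None
    for line in log_text.splitlines():
        m = USER_RE.search(line)
        if m:
            current = {"user": m.group(1), "data_code": None, "ad_error_no": None}
            records.append(current)
            continue
        if current is None:
            continue
        m = DATA_RE.search(line)
        if m:
            current["data_code"] = m.group(1).lower()
            continue
        m = ADERR_RE.search(line)
        if m:
            current["ad_error_no"] = int(m.group(1))

    for rec in records:
        code = rec["data_code"]
        rec["meaning"] = AD_BIND_SUBCODES.get(code, "unknown sub-code")
        # The firewall's "ad error no" is the same sub-code in decimal
        # (0x531 == 1329, 0x52e == 1326); flag records where they disagree.
        rec["consistent"] = (
            code is not None
            and rec["ad_error_no"] is not None
            and int(code, 16) == rec["ad_error_no"]
        )
    return records


def is_password_problem(record):
    """True only for a real credential failure; restrictions are not password issues."""
    return record["data_code"] == "52e"


if __name__ == "__main__":
    for rec in parse_bind_failures(SAMPLE_LOG):
        print(f"{rec['user']}: data {rec['data_code']} / {rec['ad_error_no']} "
              f"-> {rec['meaning']} (consistent={rec['consistent']}, "
              f"password_problem={is_password_problem(rec)})")
```

Run against real debug output, this separates "log viewer says incorrect password" from the actual AD reason: the thread's user gets 531 (workstation restriction, not a password problem), while a true bad password shows 52e.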