active directory authentication

Hi

Some of our AD users are not authenticating in SSL VPN and some get authenticated. Log viewer shows incorrect password, but with the same password I am able to log in to my workstation PC.

Newly created user is working fine.

Kindly help.



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember in reply to Rajiv SIngh

    Hi  

    Thank you for providing access_server debug logs: 

    "DEBUG May 05 19:40:15 [ADS_AUTH]: insert_escape_sequence: after inserting escape seq Username
    DEBUG May 05 19:40:15 [ADS_AUTH]: adsauth_bind: asynchronus bind msgid: '1'
    ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_bind: bind failed: Invalid credentials
    ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_authenticate_user: 'XX.XX.XX.XX:389': bind failed for User: 'DOMAIN\Username'
    ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_authenticate_user: ADS Authentication Failed for User:'Username'
    DEBUG May 05 19:40:15 [ADS_AUTH]: adsauth_parse_error_msg: message received from ldap server:"80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 531, v3839"
    ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_parse_error_msg: ad error no: 1329
    NOTICE May 05 19:40:15 [ADS_AUTH]: adsauth_handle_authrequest: ADS_AUTH: user authentication failed"

    As per the logs, it appears that the issue is related to the AD/user configuration, and you have resolved it by following these steps:

    Open Active Directory Users and Computers > View > click on Advanced Features > go to the user's properties, where there is a tab for Attribute Editor > scroll down the attributes. There is an attribute "userWorkstations"; if any value is mentioned there, i.e. a workstation name, set it to the default "<not set>".

    Thank you  for providing detailed steps through PM.

    Thanks,
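
The log excerpt in the reply above says "Invalid credentials", but the `data 531` field (hex 0x531, decimal 1329, matching the "ad error no" line) is what identifies the workstation restriction. The following is an added example, not part of the original thread or of Sophos code: it pulls that sub-code out of access_server debug lines and maps it to a reason. The function name `diagnose` is hypothetical, and the table lists the commonly documented AD bind sub-codes.

```python
import re

# AD sub-codes from the "data NNN" field of a failed LDAP bind.
# The value is a hexadecimal Win32 error code.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong password)",
    0x530: "logon not permitted at this time (logonHours)",
    0x531: "logon not permitted from this workstation (userWorkstations)",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password at next logon",
    0x775: "account locked out",
}

DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+),")
USER_RE = re.compile(r"bind failed for User: '([^']+)'")

def diagnose(log_text):
    """Return one dict per failed bind: user, hex sub-code, Win32 code, reason."""
    results, user = [], None
    for line in log_text.splitlines():
        m = USER_RE.search(line)
        if m:
            user = m.group(1)  # remember the user until the error detail arrives
        m = DATA_RE.search(line)
        if m:
            code = int(m.group(1), 16)
            results.append({
                "user": user,
                "subcode": format(code, "x"),
                "win32": code,
                "reason": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
            })
            user = None
    return results

# Two lines copied from the log excerpt quoted in the reply above.
SAMPLE = r"""
ERROR May 05 19:40:15 [ADS_AUTH]: adsauth_authenticate_user: 'XX.XX.XX.XX:389': bind failed for User: 'DOMAIN\Username'
DEBUG May 05 19:40:15 [ADS_AUTH]: adsauth_parse_error_msg: message received from ldap server:"80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 531, v3839"
"""

if __name__ == "__main__":
    for r in diagnose(SAMPLE):
        print(f"{r['user']}: data {r['subcode']} (Win32 {r['win32']}): {r['reason']}")
```

Only `data 52e` means the password itself was rejected; any other sub-code points at an account or policy setting on the AD side.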
