
User Portal Auth Not Working

Hello,

I finally migrated over from v17 to v18.

I use the VPN functionality so it is critical the users can log into the User Portal to download the required assets for remote access.

Since migrating to v18 I cannot get ANY authorized users to log into the User Portal.  I check the log and it says credentials are invalid.  But they are not!!

I spun up a clean VM of v18, created a user and no problem logging into the User Portal.

I then restore my previous v18 config and once again the User Portal is locked out.

Another issue I am having is I cannot delete a user.  This user was an AD user and when I try to delete I get a message stating that the user has a firewall rule, web rules etc. associated with it.   I searched EVERYWHERE and cannot find the reference.

Any help would be HIGHLY appreciated.  I have already spent way too much time on this.

Thank You,

Peter Geremia

P.S.  I am dreading my only alternative which is to hand build from scratch....



  • Hi  

    As you mentioned you are using VPN, if the user is selected in "Sophos Connect Client" (Remote access VPN), then you also may not be able to delete the same.

    For the login failing due to the "Invalid Credential Error", you may check the access_server debug logs, and you may collect the PCAP on the AD server IP on the XG, recreate the error or issue, and check the logs at the timestamp of the issue.

    1) #service access_server:debug -ds nosync (the same command will revert the status of the service to normal)

    2) PCAP KBA:

    https://community.sophos.com/kb/en-us/127647

  • V18 implemented a new Service source for the User Portal.

    If you have multiple authentication servers, check under Authentication - Services whether the correct authentication source is selected for User Portal authentication.

  • At this point I removed the AD server.  I changed all auth (under Authentication/Services) to local auth.

    I created a NEW user.

    I cannot log into the User Portal.

    Again, as I mentioned before, doing the same on a FRESH copy of V18, I can create the user and log into the User Portal.

    Any help would be HIGHLY appreciated as I am dreading the rebuild from scratch.

    I have a TON of items in Hosts and services that would all have to be reentered manually.   And I have a lot of firewall rules as well.

    Thank You,

    -Pete

  • I really dumbed down this use case by removing AD from my v18 instance and changing all auth to local.

    1. I still cannot log into the User Portal even with a newly created user account.

    2. I still cannot delete the old account because it says it is in some firewall rule etc.  I checked everything and cannot find the reference.

    I think the two issues may be related.

    I have a feeling this is a migration issue.  I migrated from 17.5 to 18.0.1.  Maybe something went wrong.

    How can I debug this?

    Thank You,

    Pete

  • In cases like this if I have to completely reconfigure my firewall from scratch, is it possible to export things like firewall and NAT rules as well as hosts and services?

    If I could do that then a rebuild would not be as painful.

    I do believe this issue has something to do with the migration from 17.5 to 18.

    Thank You,

    Peter Geremia