Adjustable timeout for Active Directory Authentication?

Is there any way to change the timeout for Active Directory authentication? It appears to be set at 5s.

I realise that for most implementations this is not an issue but after posting an article on how to set up DUO 2FA with AD authentication, I have noticed that if I don't authenticate within 5s then the authentication fails. I hadn't noticed this before because I usually confirm the DUO prompt pretty quickly. DUO itself is set for a 30s timeout but this is meaningless if XG only waits 5s.

This doesn't happen with LDAP authentication which must have a longer timeout.



  • As far as I know, most OTP protocols rely on RADIUS for this.

    Can DUO work via AD protocol? As far as I know, they only offer RADIUS for the authentication to the application, isn't it?


  • https://community.sophos.com/xg-firewall/f/recommended-reads/124501/3-ways-to-setup-xg-18-with-duo-2fa

    DUO also works via LDAP(S) and as XG's AD authentication is done via LDAP then you can use DUO to do the authentication that way.

    I explain in the article why setting up DUO authentication via an XG AD server is the best way - users are created in userPrincipalName to match those created by STAS and Heartbeat, and there is groups support (this doesn't happen with RADIUS or LDAP authentication servers). The only snag I have just found is the timeout in your AD Server setup. Ideally there would be a timeout field as there is for RADIUS. As there isn't, I wondered if there was any way to change the timeout for all AD authentication.
