Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 27 subscribers
  • Views 2380 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Domain authentication - admin PW with special characters

AOP

Good Day everyone!

we have trouble with some XG Firewalls.

All administrator accounts with some specific special charactes like ' arnt working anymore. It happened on Firmware 17.5.2 and is still buggy on 18.0.3. So no new users are able to authenticate.

We tried to retype passwords - test it - all right, when you save it and again go to test it fails. error ist persistent. Even tried to complete delete all domain users, groups and authentication servers - nothing changed.

We also contacted sophos support but till 11.2020 we got no support, even after escalating the ticket. Maybe here some likes to help.



This thread was automatically locked due to age.
  • 0 in reply to AOP

    First of all: The account, used on the server page on XG, needs to have a valid password, without your issue, you discovered. 
    In this scenario, everything should work, correct?
    If you use a user against user portal, which has a special password, can this user authenticate in this point? 

    So the issue only occur, if the XG to AD Server connection is not correct, as the authentication is invalid? 

  • 0 in reply to LuCar Toni

    first - administrator user with special charaters in password - first time typing in at authentication server - test OK, saving it, retesting it - fail.

    now - using another admin user with another username and password - testeing it - ok, saving it and retesting ok - NOW i can import Groups from ad. Trying to authenticate a user without special characters on user portal -> authentication failed.

  • 0 in reply to AOP

    So basically you never can use succesful the authentication of XG, is that what you are saying? 

  • 0 in reply to LuCar Toni

    this is'nt so clear.

    we use this feature for a long time. But this bug appeared about 2-3 Month ago. Users which worked before this bug can be authenticated. new users can't.

  • 0 in reply to AOP

    Lets recap for a moment, as i am still not able to understand your issue. 

    There are two different fields: 

    Authentication - Server - AD Server -> AD Username (Admin) + Password 1

    "General Authentication" - Any facility (Like User Portal, Webadmin etc.) -> Username + Password 2

    So if Password 1 is invalid (because of a Bug or something), the authentication for password 2 will not work.

    If Password 1 is valid and can be used, password 2 should also work, as we use password 1 to authenticate against the AD. 

  • 0 in reply to LuCar Toni

    It's a realy messy bug, i know. And sometimes inconsistent...

    Authentication - Server - AD Server -> AD Username (Administrator) + Password 1

    Password1 with some Special Characters

    Test says OK - i save it and then try to import AD Groups - failed, wrong authentication. (3 month ago it worked! Without any changes on adminpw or firewall config!)

    User2 with password2 - can authenticate on userportal or thorugh vpn - he use this for about a year.

    NewUser3 with password3 can't authenticate against the AD by using the userportal of the XG Firewall.

    Now we change Password1 to a password without special characters.

    Test says OK - Groups can be imported - Testing NewUser3 to authenticate - it fails, another try - he can't authenticate, another try - he can authenticate ! another try with this NewUser3 - he can't authenticate.

    now this try:

    Authentication - Server - AD Server -> AD Username (AdminUser) + PasswordX   (So we are not using the Windows Domain standard administrator)

    PasswordX is the same that Password1 was (with special characters) - test says OK - save it, we CAN import groups. Behavior with users to login to userportal - nothing changed. old users can always be authenticated, new users sometimes can, sometimes not.