Hi all,
I have a Sophos XG device integrated with Active Directory. My Active Directory has 15 subdomains in my network. This works as intended, but we have some trouble with the AD connection.
We have a root domain and 15 subdomains. We have a global security group "Sophos Users" in the domain "company.com". Users and groups from all domains (e.g. john@company.com, mary@de.company.com, neo@uk.company.com, allusers@ca.company.com) are members of the "Sophos Users" global group.
Although we are using the global catalog port (3268), users from the subdomains cannot log in. This is because the XG is prefixing every username with the "NETBIOS Domain" (which is a mandatory field when adding an AD connection). The NETBIOS name is in our case "COMPANY".
Example:
john is sent as "COMPANY\john" to the AD server -> user can log in
mary is sent as "COMPANY\mary" to the AD server, which fails because her account is "DE\mary" -> user cannot log in
DE\mary is sent as "COMPANY\DE\\mary" to the AD server, which fails even harder (of course) -> user cannot log in
Right now we are using a workaround by adding an authentication server for each domain. But this is a very bad solution.
Has anyone else run into this issue and fixed it?
Thanks,