Converting from LDAP to Radius Authentication for DUO MFA with Sophos SSL-VPN?

We were testing DUO MFA with LDAP authentication to our Active Directory using the Sophos SSL-VPN. Ran into the "timeout" problem and created a Radius login and server to fix this. Now we are seeing:

1. Initial validation appears to work.

2. DUO MFA request is sent to the phone for authentication.

3. Once returned, the authorization fails at final login.

I'm wondering if this is because something changed in the way groups are handled?

All users are members of our AD Group "VPN Users



  • FormerMember

    Hi,

    Thanks for reaching out and welcome to the Sophos Community!

    Could you please provide access_server logs in debugging? 

    Follow this knowledge base Article to SSH into the XG firewall: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    Select Option 5 (Device Management) > Option 3 (Advanced Shell)

    Run this command to put the access_server service in debug:

    • service access_server:debug -d -s nosync

    Please check out the following KBA to locate and capture the logs: Sophos XG Firewall: Where to find log files?

    Once you capture the access_server logs in debugging, run the same command to put the access_server service in normal running mode.

    Run this command to check the service status:

    • service -S | grep access_server

    SFVUNL_VM01_SFOS 17.5.11 MR-11# service -S | grep access_server
    access_server RUNNING,DEBUG

    Please PM me the logs and username.

    Check out the following document for more information on possible ways to set up XG 18 with DUO MFA.

    Thanks,
