Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 26 subscribers
  • Views 1017 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NTLM enabled but AD server not configured

adrianBromley

All,

I have an XG whose SSO has stopped working.

I removed (unticked)  the Domain Controller from Authentication/Services.  I removed (deleted) the connection in Authentication/Servers.  Then deleted the computer object from AD.

I have re-created the AD connection in Authentication/Servers.  It tests successfully.

I have added add the AD connection to the autehentication servers list in Authentication/Services.

However, SSO is still not working.  The computer object does not appear in AD.

I do not see the two messages 'Kerberos authentication initialized successfully' and 'NTLM authentication channel established successfully' in Log viewer/Authentication.

I do continue to see 'NTLM enabled but AD server not configured'.

Any ideas? Thanks

Adrian



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Please check test connection to the AD server and ensure that it’s selected under 'Authentication server list'(Authentication > Services).

    Check access_server.log and nasm.log events as well.

    ==> Login to SSH > 5. Device Management > 3. Advanced Shell

    ==> Run below command to put nasm and access_server service in debugging.

    # service nasm:debug -ds nosync

    # service access_server:debug -ds nosync

    ==> To check live events

    # tail -f /log/access_server.log

    # tail -f /log/nasm.log

    ==> Run below commands to stop debugging.

    # service nasm:debug -ds nosync

    # service access_server:debug -ds nosync

    ==> To check service status

    # service | grep nasm

    # service -S | grep access_server

Reply
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Please check test connection to the AD server and ensure that it’s selected under 'Authentication server list'(Authentication > Services).

    Check access_server.log and nasm.log events as well.

    ==> Login to SSH > 5. Device Management > 3. Advanced Shell

    ==> Run below command to put nasm and access_server service in debugging.

    # service nasm:debug -ds nosync

    # service access_server:debug -ds nosync

    ==> To check live events

    # tail -f /log/access_server.log

    # tail -f /log/nasm.log

    ==> Run below commands to stop debugging.

    # service nasm:debug -ds nosync

    # service access_server:debug -ds nosync

    ==> To check service status

    # service | grep nasm

    # service -S | grep access_server

Children
  • 0 in reply to FormerMember

    Hi Yash, thanks for responding.

    I see this in the nasm.log.  After a few seconds, I added the AD server to 'Authentication > Services' and this is what I saw in the log (below).  

    I have highlighted the interesting lines in bold, although I'm not sure what  it means:

    Thanks

    Aug 16 16:26:11.095733 [ntlmserver] ntlm_server() ---> looping through employ'd [elasped=20s]
    Aug 16 16:26:11.095767 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:21.105331 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:21.169338 [nasm] select() time'd out, we've no events
    Aug 16 16:26:21.169364 [nasm] setup_channel
    Aug 16 16:26:21.169369 [nasm] ads_config
    Aug 16 16:26:21.171866 [nasm] populate_servers
    Aug 16 16:26:21.174087 [nasm] AD server not configured @Identity->Authentication->Firewall
    Aug 16 16:26:21.174111 [nasm] throwing logs on garner
    Aug 16 16:26:21.174132 [nasm] populate_servers
    Aug 16 16:26:21.174155 [nasm] ads_config
    Aug 16 16:26:21.174158 [nasm] ads_config() failed, transferring control back to loop
    Aug 16 16:26:21.174161 [nasm] setup_channel (done)
    Aug 16 16:26:21.174164 [nasm] waiting for an event on PROTOCOL fd [up to 20s]
    Aug 16 16:26:31.113885 [ntlmserver] ntlm_server() ---> looping through employ'd [elasped=20s]
    Aug 16 16:26:31.113936 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:41.122824 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:41.186684 [nasm] select() time'd out, we've no events
    Aug 16 16:26:41.186726 [nasm] setup_channel
    Aug 16 16:26:41.186737 [nasm] ads_config
    Aug 16 16:26:41.188643 [nasm] populate_servers
    Aug 16 16:26:41.190402 [nasm] AD server not configured @Identity->Authentication->Firewall
    Aug 16 16:26:41.190422 [nasm] throwing logs on garner
    Aug 16 16:26:41.190444 [nasm] populate_servers
    Aug 16 16:26:41.190469 [nasm] ads_config
    Aug 16 16:26:41.190473 [nasm] ads_config() failed, transferring control back to loop
    Aug 16 16:26:41.190476 [nasm] setup_channel (done)
    Aug 16 16:26:41.190479 [nasm] waiting for an event on PROTOCOL fd [up to 20s]
    Aug 16 16:26:51.132374 [ntlmserver] ntlm_server() ---> looping through employ'd [elasped=20s]
    Aug 16 16:26:51.132431 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:53.255191 [nasm] we've 8 bytes on protocol FD
    Aug 16 16:26:53.255229 [nasm] process_protocol_event(): processing csc-to-nasm TLV [type=RECONFIG] message
    Aug 16 16:26:53.255235 [nasm] send_tlv_channel_down_to_ntlm
    Aug 16 16:26:53.255239 [nasm] sending channel not established to ntlm server
    Aug 16 16:26:53.255243 [nasm] sendto_ntlmserver: TLV [type=DOWN]
    Aug 16 16:26:53.255258 [nasm] sendto_ntlmserver: [bytes sent=8]
    Aug 16 16:26:53.255261 [nasm] send_tlv_channel_down_to_ntlm (done)
    Aug 16 16:26:53.255272 [ntlmserver] fasm_processor(): processing nasm-to-server TLV [type=DOWN] message
    Aug 16 16:26:53.255308 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:54.255729 [nasm] process_tlv_reconfig handling config reload request
    Aug 16 16:26:54.255759 [nasm] ntlm_configured
    Aug 16 16:26:54.259739 [nasm] AD SSO enabled from device access configuration
    Aug 16 16:26:54.259792 [nasm] ntlm_configured (done)
    Aug 16 16:26:54.259797 [nasm] reload_channel
    Aug 16 16:26:54.259800 [nasm] setup_channel
    Aug 16 16:26:54.259803 [nasm] ads_config
    Aug 16 16:26:54.261823 [nasm] populate_servers
    Aug 16 16:26:54.264313 [nasm] fetching details for '0' row
    Aug 16 16:26:54.264330 [nasm] server id '3' fetched, retriving server details
    Aug 16 16:26:54.265679 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:54.265712 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:54.265717 [nasm] populate_server_details
    Aug 16 16:26:54.265728 [nasm] decryption failed, unable to populate server
    Aug 16 16:26:54.265730 [nasm] populate_server_details
    Aug 16 16:26:54.265733 [nasm] populate_server_details failed, can't continue
    Aug 16 16:26:54.265737 [nasm] populate_servers
    Aug 16 16:26:54.265763 [nasm] ads_config
    Aug 16 16:26:54.265767 [nasm] ads_config() failed, transferring control back to loop
    Aug 16 16:26:54.265770 [nasm] setup_channel (done)
    Aug 16 16:26:54.265772 [nasm] reload_channel (done)
    Aug 16 16:26:54.265775 [nasm] process_tlv_reconfig (done)
    Aug 16 16:26:54.265778 [nasm] process_tlv_channel_status
    Aug 16 16:26:54.265780 [nasm] sending channel down to ntlm server
    Aug 16 16:26:54.265802 [nasm] sendto_ntlmserver: TLV [type=DOWN]
    Aug 16 16:26:54.265814 [nasm] sendto_ntlmserver: [bytes sent=8]
    Aug 16 16:26:54.265817 [nasm] process_tlv_channel_status (done)
    Aug 16 16:26:54.265823 [ntlmserver] fasm_processor(): processing nasm-to-server TLV [type=DOWN] message
    Aug 16 16:26:54.265825 [nasm] process_protocol_event (done)
    Aug 16 16:26:54.265829 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:26:54.265830 [nasm] waiting for an event on PROTOCOL fd [up to 20s]
    Aug 16 16:27:04.274081 [ntlmserver] ntlm_server() ---> looping through employ'd [elasped=13s]
    Aug 16 16:27:04.274110 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:27:14.284028 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:27:14.285906 [nasm] select() time'd out, we've no events
    Aug 16 16:27:14.285920 [nasm] setup_channel
    Aug 16 16:27:14.285924 [nasm] ads_config
    Aug 16 16:27:14.287654 [nasm] populate_servers
    Aug 16 16:27:14.289189 [nasm] fetching details for '0' row
    Aug 16 16:27:14.289202 [nasm] server id '3' fetched, retriving server details
    Aug 16 16:27:14.289775 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:27:14.289817 [ntlmserver] ntlm_server() ---> epoll_wait() waiting 10s for events
    Aug 16 16:27:14.289822 [nasm] populate_server_details
    Aug 16 16:27:14.289828 [nasm] decryption failed, unable to populate server
    Aug 16 16:27:14.289831 [nasm] populate_server_details
    Aug 16 16:27:14.289835 [nasm] populate_server_details failed, can't continue
    Aug 16 16:27:14.289839 [nasm] populate_servers
    Aug 16 16:27:14.289866 [nasm] ads_config
    Aug 16 16:27:14.289870 [nasm] ads_config() failed, transferring control back to loop
    Aug 16 16:27:14.289873 [nasm] setup_channel (done)
    Aug 16 16:27:14.289898 [nasm] waiting for an event on PROTOCOL fd [up to 20s]