STAS with Multiple Domains

Hello

We are having issues with STAS. We use a different FQDN for users to the one which is in the Monitored Domains section. I am seeing a lot of people coming through as unauthenticated. We have different ones as it's a central server setup with different email domains, synced with O365.

"User XXXXX failed to login to Firewall through AD authentication mechanism from 10.100.XX.XX because of wrong credentials". If I change what the FQDN is to the default, it seems to work better. There is still a delay when first logging in and opening the internet browser, but the errors go away under Authentication. If they type their username and password into the Sophos login screen, this works.

Some users also reported when logging in and accessing the internet it would say their credentials are incorrect when they are not.

Can I add multiple search queries for my different domains? Will this also need to be put into the STAS agent?

Regards

Tom



  • You should create each domain as its own AD Server in SFOS. You can do this by reusing the same IP via DNS record. Simply create multiple DNS records on the firewall with AD1, AD2, AD3 etc. and point them to the same AD Server. Then create multiple AD Servers with every domain in it on the firewall.

  • Thank you. This seems a bit of a bodge, as we have 9 different email domains to authenticate for. Now that we have implemented this change, when they initially log in it comes up as the .local address; once it tries the heartbeat, it's now the company.org address. This is showing as the same person twice now within the logs.