Sophos xg not creating a domain computer account when adding active directory authentication server. Kerberos sso not working.

Question

I have added Active Directory Domain controller to the servers list under authentication, imported groups, have users from AD, however, kerberos/ntlm doesnt work. I have made sure that SSO is enabled for the LAN interface and that the browser is using the FQDN hostname of the appliance in the proxy setting. What i do notice is that there is no computer account created in AD.

This thread was automatically locked due to age.

LuCar Toni · Accepted Answer

Check the Logs about /log/nasm.log 
 It should indicate the join. 
 You can delete the entry of nasm and redo the join to generate new logs. 
 Stop the NASM service: service nasm:stop -ds nosync 
 Remove file /content/nasm: rm -rf /content/nasm 
 Start the NASM service: service nasm:start -ds nosync

jarrod beebe · Answer

That was exactly it, thank you! Is this a case of a configuration file being created and the XG not recreating the domain computer object because the configuration file is present? What is the -ds nosync option mean? I would love to know more of the inner workings. Again, thank you!

Sophos xg not creating a domain computer account when adding active directory authentication server. Kerberos sso not working.

Top Replies

Submitted a Tech Support Case lately from the Support Portal?