AD Authentication not working

Hello,

The AD authentication for the user portal and all other services is not working. I configured it according to this guide:

https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/de-de/webhelp/onlinehelp/nsg/sfos/learningContents/ConfiguringActiveDirectoryAuthentication.html

The connection test for the server is successful and I put the server on top of the authentication methods in "Services". Afterwards I imported a group with the import wizard. STAS is installed and is working correctly.

Here is the access_server.log:



  • Hi Arthur Marx,

    It seems ports are getting blocked from your AD server on which STAS works.

    You can disable the AD server's local firewall and antivirus software for a while, restart the STAS service on the AD server, restart the authentication service on the Sophos XG, and check.

    If it works, you have to make sure the ports below are bypassed in the antivirus and local firewall of the AD server:

    Open ports.

    Configure the Windows firewall and third-party firewalls to allow communication over the following ports:

    • AD Server: Inbound UDP 6677, Outbound UDP 6060, Outbound TCP 135 and 445 (if using Workstation Polling Method WMI or Registry Read Access), Outbound ICMP (if using Logoff Detection Ping), Inbound/Outbound UDP 50001 (collector test), Inbound/Outbound TCP 27015 (config sync).
    • Workstation(s): Inbound TCP 135 & 445 (if using Workstation Polling Method WMI or Registry Read Access), Inbound ICMP (if using Logoff Detection Ping).

    Please share the logs for the command below:

    console> tcpdump 'port 6060 or 6677'

    Please verify STAS is installed and configured properly as per the link below:

    https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/de-de/webhelp/onlinehelp/nsg/sfos/learningContents/ConfiguringTransparentAuthenticationSTAS.html

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • I did disable the local firewall on the AD server, restarted the STAS on the AD server and restarted the auth service on the XG firewall. However, the issue remains.

    tcpdump command:

    192.168.8.102 is the FW and 103 is the AD.
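
As an added illustration (not part of the thread, and not Sophos code): a small Python script that reads tcpdump text captured with the filter from the reply above and reports which of the two STAS directions is missing. The capture lines are constructed, the addresses are the ones named in the last post with 103 read as 192.168.8.103, and numeric tcpdump output is assumed.

```python
import re
from collections import Counter

# Ports from the reply above: AD server inbound UDP 6677, outbound UDP 6060.
PORT_TO_AD = 6677
PORT_TO_FW = 6060

# Matches the "IP src.sport > dst.dport:" part of a tcpdump line; any
# timestamp or interface prefix before it is ignored.
PACKET = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

# Constructed capture lines (not from the thread): firewall .102, AD .103,
# plus one unrelated host to show that foreign traffic is not counted.
SAMPLE = """\
10:15:01.120001 IP 192.168.8.102.41822 > 192.168.8.103.6677: UDP, length 52
10:15:06.120340 IP 192.168.8.102.41822 > 192.168.8.103.6677: UDP, length 52
10:15:09.553210 IP 192.168.8.50.50321 > 192.168.8.102.6060: UDP, length 40
""".splitlines()

def classify(lines, fw_ip, ad_ip):
    """Count packets per STAS flow direction in firewall-side tcpdump text."""
    seen = Counter()
    for line in lines:
        m = PACKET.search(line)
        if not m:
            continue  # headers, truncated lines, non-IPv4 traffic
        src, dst, dport = m.group(1), m.group(3), int(m.group(4))
        if (src, dst, dport) == (fw_ip, ad_ip, PORT_TO_AD):
            seen["fw_to_ad"] += 1
        elif (src, dst, dport) == (ad_ip, fw_ip, PORT_TO_FW):
            seen["ad_to_fw"] += 1
        else:
            seen["other"] += 1
    return seen

def diagnose(seen):
    """Name the missing direction, which points at the rule to check."""
    to_ad, to_fw = seen["fw_to_ad"] > 0, seen["ad_to_fw"] > 0
    if to_ad and to_fw:
        return "both directions seen"
    if to_ad:
        return "nothing from AD to firewall UDP 6060: check AD outbound UDP 6060"
    if to_fw:
        return "nothing from firewall to AD UDP 6677: firewall is not sending"
    return "no STAS traffic captured between these two hosts"

if __name__ == "__main__":
    counts = classify(SAMPLE, "192.168.8.102", "192.168.8.103")
    print(dict(counts), "->", diagnose(counts))
```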
