Sophos X Active Directory authentication with multiple managed domains

Hello guys!

I currently have a scenario that uses authentication between the firewall and Active Directory.

In this same Active Directory, in addition to the main domain, I have other domains with linked users.

In the authentication configuration in Sophos, I set the main domain and the authentication works; however, all users, including users linked to other domains, appear in Sophos with the main domain.

For example, main domain is mydomain.com.br and the other domain is otherdomain.com.br.

The user that is part of otherdomain.com.br, for example user01@otherdomain.com.br, appears in Sophos as user01@mydomain.com.br, as if Sophos does not really identify the other domains that my Active Directory manages.


I've been researching this, but I haven't found much information about this type of situation.

The question is whether there would be some way for Sophos to recognize the user with their real domain, and not just the main domain in which it is configured on the firewall's authentication servers, a solution without having to configure a server on the firewall for each domain.


Comments:

I use STAS in the environment;
The firewall's model is an XG210;
I am on the following firmware version: SFOS 18.5.4 MR-4-Build418



  • Essentially, we are sending the sAMAccountName to the AD server, and the AD server will give us a matching domain if it is confirmed via LDAP that the user exists.

    What do you mean by "Real domain"? If you have multiple domains, it depends on the user and what he/she is using to sign in.


  • Hello,

    "Real domain" would be the domain that the user used to sign in. Precisely because there are several domains, regardless of the domain that the user is in, the webadmin of the firewall always contains the same domain, the same one that is configured in the authentication.

    Due to this, I asked about the "real domain" of the user, as it does not appear in the webadmin.
