Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 29 subscribers
  • Views 25407 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot establish NTLM authentication channel with <domain>

rizzah

Hi,

I added a AD connection which works, i can for example login to the device using an AD account, however i do keep this error in my log files:

 

 

Is there any way to track this error to see where its coming from ?

 

Regards



This thread was automatically locked due to age.
  • 0

    Rizzah,

    I did not see this behaviour with STAS on Windows 2008 and 2012. What version of Windows are you using?

    Did you configure STAS correctly? Are the logoff correctly managed by AD and STAS?

    Thanks

  • 0 in reply to lferrara

    Hi Luk,

    I am running Windows 2012, it was just to test things out. However i disabled the stas now in authentication -> stas but the errors keep coming. I uninstalled the tools from the Windows server too. 

    Is there anything else i have to disable?

     

    Regards,

  • +1 in reply to rizzah

    Rizzah,

    can you disable NTLM authentication inside Authentication > Device Access for VLANZ?

    More NTLM authentication logs can be found from advanced shell (CLI > option 5 > option 3) and then "tail -f nasm.log" without quota.

    Thanks

  • 0 in reply to lferrara

    Dear All, 

    we are having similar problem regarding NTLM authentication. the error is the same and the log states :

    "Cannot establish NTLM authentication channel with <Domain Name>"

    the log from Device using "tail -f nasm.log" in advance shell is as follows:

     

    Apr 19 05:34:11.045684  [nasm]  net_ads_join() failed to join with server-><Domain name>             

    /oss/net: /lib/liblber-2.4.so.2: no version information available (required by /oss/net)           

    /oss/net: /lib/libldap_r-2.4.so.2: no version information available (required by /oss/net)         

    dos charset 'CP850' unavailable - using ASCII                                                      

    Failed to join domain: failed to lookup DC info for domain '<Domain name>' over rpc: Invalid workstati

    on

     

    SSO is working fine for users but we want to use NTLM also and for the record it was working before perfectly.

    i hope to get solution soon because spohos support seems to delay support for no reason.

     

    thanks in advance,

    Faheem Sarwar