AD users can't login to user portal.

I have imported my groups from the AD in my XG environment, but when I try to login I just get login errors.

When I look at the logs it seems like XG can't get the information from the AD.

At the moment I don't know what the issue might be.

The last thing I can think of is that XG is incompatible with Windows Server 2016 ADs.

STAS has been installed and added to XG.

 

Any help would be appreciated.

 



This thread was automatically locked due to age.
  • Stefan,

    Inside the Authentication menu > Services, make sure that the AD server has been added to the proper Firewall section (User portal or Firewall Authentication methods). I am out of the office so I cannot remember the correct name of the Firewall Section.

    Also make sure to move the AD server to the top using the drag and drop function.

    Thanks

  • I take it you mean this section?

    I already set it the same way as in the screenshot.

     

  • Stefan,

    It seems that your users are not found inside the AD server. Did you follow and configure STAS correctly?

    https://community.sophos.com/kb/en-us/123155 (there are 3 KB inside)

    Make sure the proper Firewall ports are opened.

    Can you try to open the file access_server.log from the advanced shell using the command "tail -f /var/tslog/access_server.log" and check if you see more information about the error?

    Thanks

  • The screenshot from the first post is all that is being generated in the access_server.log when I try to log in.

    I followed that exact link to configure STAS.

    The strange thing (I think) is that it sees the AD, it can import the group without a problem, and STAS generates messages in the log, but it can't seem to authenticate properly.

     

  • Hi Stefan,

    Did you get a successful test connection? If not, make sure you use an administrative account.

    Also, are you authenticating via Captive portal or using VPN? Make sure you have your Users Listing in the XG appliance. This should arrive after authenticating for the first time for that user. You may allow all the users to get authenticated so it would arrive on your XG appliance. The User account should be accessible then.

    Thanks and Regards

    Aditya Patel

  • It is a local connection that I'm trying to get working via the user portal.

    Also the test connect is successful, as in everything works surrounding STAS and AD except getting AD users to log in to the firewall.

    It just generates errors, unfortunately, which as of yet I'm not skilled enough to diagnose properly.

  • Stefan,

    Can you try to create a Policy Rule where you enforce that computer (single IP) to be authenticated in order to surf on the internet?

    Inside the same rule, insert an AD user and test the connectivity to the internet and see if you are able to surf on the internet.

    Make sure that this policy is at the TOP and the source network is only one IP otherwise you will impact all the devices inside the LAN zone.

    Thanks

  • I have rebuilt my server now with Server 2012R2 and I now get a different error.

    Now I get an operations error instead of a referral error.

    Don't know if that helps any.

  • Stefan,

    What error do you have now?

    I can even help you, but this night (out of office). I will send you a PM.
