Non Domain User Authentication

Hi all,

I have an XG230 with the latest Firmware which I am using as a Proxy. For the domain users it works well and performs as it should.

I have the issue when a non domain PC tries to connect via the proxy I am not sent to a Web Portal for credentials for a long period of time or sometimes not at all. Then if it does work I can enter a domain users credentials and I get access to the web. Seems a little broken.

Additionally I loaded the Windows Authentication Client on this PC and entered the User / pass of a domain user and it doesn't seem to do anything at all.

So how can I get a stable user experience that when they open a web page it prompts for user / pass or just authenticates (via Windows Auth Client) rather than an internet page with a user / pass box that must remain open or they lose connection?

Am I missing something?



This thread was automatically locked due to age.
  • Ian,

    I am using Sophos Client Authentication Agent with local users with no issue. Make sure you create the local users on XG, add them to Firewall rules and that's all.

    Please check the access_server.log file under /var/tslog using the advanced shell (option 5 > 3). There you should see:

    MESSAGE   Apr 19 07:41:00 [4144064320]: (process_command): Client type is OS X
    MESSAGE   Apr 19 07:41:00 [4144064320]: (CA_authentication_result): User lferrara authenticated (CA)
    MESSAGE   Apr 19 07:41:00 [4144064320]: (process_command): Received IP for user lferrara: fe80::1c54:9667:436f:11fa
    MESSAGE   Apr 19 07:41:00 [4144064320]: (process_command): Received IP for user lferrara: 192.168.0.8

    Regards

  • Thanks lferrara,

     

    I have them in as a Local User and assigned to a User Group.

    When I set that user / pass in the Windows Client Auth and open a web page it just bounces me to the Captive Portal. If I log into the Captive Portal and leave it open it all works.

    I cannot access the logs - when I go to advanced Shell and type /logs I just get "Permission Denied" - using the admin login.

     

    Using this on a Windows 7 and Windows 10 Test system.

     

  • Ian,

    Create a top rule, where you allow only a test user and disable "show captive portal".

    Thanks

  • lferrara said:
    disable "show captive portal".

     

    Where is this?

    I did the Top FW rule allowing just my test local user but the Captive Portal keeps popping up.

  • Make sure you are running v16.05

  • Yep I am using 16.05.3 MR3

    I have Captive Portal disabled in FW Rule 1 and applied to the test user only in Users or Groups

    Still get a Captive Portal pop up

     

  • Ian,

    Check the Authentication > Services > Captive Portal settings.

    If you are using SAA (Sophos Authentication Agent), you should see the live users counter incrementing.

    Check the access_server log as I wrote before by connecting to XG using the PuTTY client > option 5 and option 3 using the admin account.

    Regards

  • Thanks Luk,

    I have disabled Captive Portal in every place I can but it still comes up on the Client PC. This is really getting frustrating now.

    Edit: when I go to access_server I get pages of things - what am I looking for?

  • Ian:

    • What DNS is your computer using? If it is using public DNS, make sure a DNS allow rule exists
    • To access logs, type cat /var/tslog/access_server.log and check if you see the computer authenticated
    • Check the authentication log from Log viewer too
    • Clear the browser cache
    • If it does not help, reboot the XG and see if captive portal appears again

    Thanks
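
Added example (not part of the original thread and not Sophos code): a shell helper that answers "what am I looking for?" in access_server.log by listing each user with a client-agent login and the IPs recorded for them. It assumes the line format quoted earlier in the thread and that awk is available where the log is read; the function names and the user "testuser" are made up for this example.

```shell
#!/bin/sh
# Added example; ca_logins and agent_login_seen are hypothetical helper names.
# Assumes the access_server.log line format quoted in the thread.

# ca_logins FILE -> one line per user: "<user> <method> <ip>[,<ip>...]"
ca_logins() {
    awk '
    /\(CA_authentication_result\): User .* authenticated/ {
        # "... User <name> authenticated (<method>)"
        for (i = 1; i < NF; i++)
            if ($i == "User") { u = $(i + 1); m = $(i + 3) }
        gsub(/[()]/, "", m)
        method[u] = m
    }
    /\(process_command\): Received IP for user / {
        # "... Received IP for user <name>: <address>"
        u = $(NF - 1); sub(/:$/, "", u)
        ips[u] = (ips[u] == "" ? $NF : ips[u] "," $NF)
    }
    END {
        for (u in method)
            print u, method[u], (ips[u] == "" ? "-" : ips[u])
    }' "$1" | sort
}

# agent_login_seen FILE USER -> exit status 0 if USER has a login line
agent_login_seen() {
    ca_logins "$1" | awk -v u="$2" '$1 == u { found = 1 } END { exit !found }'
}

# Sample input: the four lines quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MESSAGE   Apr 19 07:41:00 [4144064320]: (process_command): Client type is OS X
MESSAGE   Apr 19 07:41:00 [4144064320]: (CA_authentication_result): User lferrara authenticated (CA)
MESSAGE   Apr 19 07:41:00 [4144064320]: (process_command): Received IP for user lferrara: fe80::1c54:9667:436f:11fa
MESSAGE   Apr 19 07:41:00 [4144064320]: (process_command): Received IP for user lferrara: 192.168.0.8
EOF

ca_logins "$sample"
agent_login_seen "$sample" lferrara && echo "lferrara: agent login recorded"
# "testuser" is a constructed name that does not appear in the sample
agent_login_seen "$sample" testuser || echo "testuser: no agent login in log"
```

On the firewall itself the same functions would be pointed at /var/tslog/access_server.log instead of the sample file.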

  • Thanks Luk,

     

    DNS is internal DNS Server (Domain Controller)

    Will do the logs shortly.

    Authentication log doesn't show the user I am testing at all. (only if I enter those user details in the captive portal pop up - then it shows)

    Cleared Cache and used Chrome as well.

    Will reboot the XG after hours tonight. I think something is stuck as Captive Portal is totally disabled as far as I can see yet keeps popping up.

     

    Will report back tomorrow. 

    Thanks for your time Luk.

  • Well no change after a reboot.

    I still get shown the captive portal for the Proxy authentication.

     

    The strange part is in Team Viewer I have set the user / pass and it works fine.

    When I open a web page it stalls and won't do much before it redirects me to a Captive Portal - which I have no clue where that's from as all were off so I am guessing the XG Proxy must ignore those rules. Once I log in via the web portal I am OK again.

    Logs don't show me anything at all  - until I use the captive portal then I authenticate.

    Maybe MR3 Proxy Auth is broken

  • Ian,

    Please share your firewall rules and captive portal authentication settings.

    Thanks