Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 1431 views
  • Users 0 members are here
Options
Suggested

[7.490][BUG][FIXED] Active Directory authentication does only work with one User

piepmatz
Hi @all

Problem: if I authenticate me with my username/pw HTTP-Proxy works fine - if my girlfriend authenticates on the Webproxy then Astaro shows me the following debug information:

2009:09:08-11:25:02 gw aua[29627]: }, 'Net::LDAP::Entry' ); 
2009:09:08-11:25:02 gw aua[29627]: " 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth_directory() trying to bind to user 'CN=Sabrina Buesch,OU=Users,OU=CRAPSNET,DC=crapsnet,DC=local'" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth_directory() bind LDAP server - informational message:$VAR1 = undef; 
2009:09:08-11:25:02 gw aua[29627]: " 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth_directory(): bind failed for bindDN = CN=Sabrina Buesch,OU=Users,OU=CRAPSNET,DC=crapsnet,DC=local" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth_directory(): Authentication failed: User could not be authenticated" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Active Directory authentication failed: User could not be authenticated" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth: authentication failed with method adirectory, trying next method" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth returns result 0" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="User sab is not authenticated or authorized for facility http, all methods tried" 
2009:09:08-11:25:02 gw aua[29627]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.114.103" user="sab" caller="http" reason="DENIED" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Method: " 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Result: 0" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Ref: ''" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Groups: " 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Comment: User could not be authenticated" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="No update on blocklist desired" 
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="result: 
2009:09:08-11:25:02 gw aua[29627]: DENIED"
Parents
  • 0
    tested 7.490 here with passwords containing various non alpha-numeric passwords, and there was no problem. I'm not setup for AD atm though. Are you using standard mode auth or the new transparent with auth mode? if so, what browser are you using? something is converting "!" to the ASCII "%21" representation. If you're using the new transparent with auth, perhaps the browser is doing it, and the Astaro is not handling it properly.
Reply
  • 0
    tested 7.490 here with passwords containing various non alpha-numeric passwords, and there was no problem. I'm not setup for AD atm though. Are you using standard mode auth or the new transparent with auth mode? if so, what browser are you using? something is converting "!" to the ASCII "%21" representation. If you're using the new transparent with auth, perhaps the browser is doing it, and the Astaro is not handling it properly.
Children
No Data
Unfiltered HTML