WebAdmin authentication failing with AD account + One Time Password
I am new to Sophos UTM and so far I really like it. I recently performed a fresh install with 9.314-13.1 and a few days later upgraded to 9.315-2. I have a weird issue that I suspect is a bug, has anyone seen this issue or know if/when it can be fixed?
I have enabled AD authentication with the One-time Password feature and require it for login with the WebAdmin and UserPortal. Twice I have had the same issue where I am unable to login to the WebAdmin, the page says "Invalid username or password" although I can login to the UserPortal with the exact same credentials with no problem at all. To resolve the issue I had to login to WebAdmin with a local account and do some troubleshooting but it seems like the fix is flushing authentication cache and deselect the WebAdmin checkbox under Enable OTP for facilities, login to WebAdmin with my AD account in a 2nd browser without the OTP, then re-enable the WebAdmin OTP facilities in 1st browser. I can then login into the WebAdmin with my AD account and OTP for a day or so.
I have posted a snippet of WebAdmin Live Log User authentication daemon below.
2015:08:11-21:56:23 ngfw aua[58740]: id="3006" severity="info" sys="System" sub="auth" name="Failing OTP auth because there is no user object"
2015:08:11-21:56:23 ngfw aua[58740]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
2015:08:11-21:56:23 ngfw aua[58740]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.1.X" host="" user="john.doe" caller="webadmin" reason="DENIED"
2015:08:11-21:56:37 ngfw aua[58763]: id="3006" severity="info" sys="System" sub="auth" name="Unknown user john.doe"
2015:08:11-21:56:37 ngfw aua[58763]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.Y (adirectory)"
2015:08:11-21:56:38 ngfw aua[58763]: id="3006" severity="info" sys="System" sub="auth" name="Failing OTP auth because there is no user object"
2015:08:11-21:56:38 ngfw aua[58763]: id="3006" severity="info" sys="System" sub="auth" name="Failing OTP auth because there is no user object"
2015:08:11-21:56:38 ngfw aua[58763]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
2015:08:11-21:56:38 ngfw aua[58763]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.1.X" host="" user="john.doe" caller="webadmin" reason="DENIED"
2015:08:11-21:56:45 ngfw aua[58781]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="192.168.1.X" host="" user="admin" caller="webadmin" engine="local"
2015:08:11-22:10:01 ngfw update_ad_bg_members[60011]: main:58 severity="info" sub="update_ad_bg_members" name="Running update_ad_bg_members"
2015:08:11-22:10:02 ngfw update_ad_bg_members[60011]: main:172 severity="info" sub="update_ad_bg_members" name="Done"
2015:08:11-22:14:09 ngfw aua[3335]: id="3006" severity="info" sys="System" sub="auth" name="Child 58781 is running too long. Terminating child"
2015:08:11-22:14:10 ngfw aua[60205]: id="3006" severity="info" sys="System" sub="auth" name="Unknown user john.doe"
2015:08:11-22:14:10 ngfw aua[60205]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.Y (adirectory)"
2015:08:11-22:14:11 ngfw aua[60205]: id="3006" severity="info" sys="System" sub="auth" name="Failing OTP auth because there is no user object"
2015:08:11-22:14:11 ngfw aua[60205]: id="3006" severity="info" sys="System" sub="auth" name="Failing OTP auth because there is no user object"
2015:08:11-22:14:11 ngfw aua[60205]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
2015:08:11-22:14:11 ngfw aua[60205]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.1.X" host="" user="john.doe" caller="webadmin" reason="DENIED"
This thread was automatically locked due to age.
