
UTM 9.4: Sophos Transparent Authentication Suite (STAS) issues

Hi all,

I have been testing this out for a while; my setup is Windows 10 workstations and Windows 2012 R2 servers as DCs.

Issue 1:

It actually works, but often I see in the UTM that there are no users online here:

Definitions & Users --> Client Authentication --> Global

When this happens, no one is allowed access through the web proxy, because I set it to block on auth. failure.

Problem is that both STAS installations are showing users when the "Show Live Users" is pressed.

Issue 2:


Some users are not logged correctly; the username is just "Active Directory Users", but inside the Live Log of the web proxy the "User=" shows the correct AD username for this user (192.168.110.14):

The stas.log file on the DC shows no errors or anything about the user having been logged out.

I have tried the WMI test from STAS and all with success...

This led me to think that there may be a bug in the UTM?

Do any others have this working on UTM?



This thread was automatically locked due to age.
  • In regards to your Issue 1, I see the same thing happening frequently: the list of logged in users may suddenly appear empty when refreshed; after a few minutes, it re-appears. I don't (yet) lock down the web proxy as you do, and your issue kind of scares me away from trying it.

    I do not experience your Issue 2. All my users appear with their correct user name. However...

    I have a number of users that seem 'stuck'--not getting purged from the UTM, even though they do not appear in STAS's "Show Live Users". I can't yet figure out how to purge these users, aside from perhaps rebooting the UTM.

  • Hi,

    If users are disconnected frequently, that means the WMI/Registry read access query is failing. Perform a WMI/Registry read access query against the user IP. I read that you already tested this and it was successful, but I am not sure if you have tested it against the active IP address that was not able to access the web proxy. Please redo the exercise.

    PFA screenshot:

    This can fail for several reasons:

    • Windows Firewall or antivirus could block the WMI\Registry read access query. Add an exception for TCP ports 445 and 135.

    • Make sure that the RPC, RPC locator, DCOM, and WMI services are enabled on the system.

    • The client machine should resolve the AD FQDN; if not, add a host entry on the machine or use the AD IP address as the primary DNS.

    • If there is any router/firewall in between, make sure that ports 135 and 445 are open.

    • Ensure that the administrator account used in STAS has administrator rights on the client system.

    Hope that helps.

    Thanks
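
The checks listed in the reply above can be run in one pass from the STAS host against an affected workstation. This is an added example, not part of the original thread and not Sophos tooling; it assumes an elevated Windows PowerShell session, uses the workstation IP from the first post as its default, and uses the standard Windows short names for the four services.

```powershell
# Added example (not from the thread): run on the STAS host, elevated.
param(
    # Workstation to test; default is the IP quoted in the first post.
    [string]$ClientIp = '192.168.110.14',
    # Account configured in STAS; if omitted, the current logon is used.
    [pscredential]$Credential
)

$results = [ordered]@{}

# 1. TCP reachability of the RPC endpoint mapper (135) and SMB (445).
foreach ($port in 135, 445) {
    $t = Test-NetConnection -ComputerName $ClientIp -Port $port -WarningAction SilentlyContinue
    $results["TCP $port reachable"] = $t.TcpTestSucceeded
}

# 2. WMI read over DCOM with the given account, which also exercises
#    the account's rights on the client.
$session = $null
try {
    $cimArgs = @{
        ComputerName  = $ClientIp
        SessionOption = New-CimSessionOption -Protocol Dcom
        ErrorAction   = 'Stop'
    }
    if ($Credential) { $cimArgs.Credential = $Credential }
    $session = New-CimSession @cimArgs
    $results['WMI over DCOM'] = $true

    # 3. State of the RPC, RPC locator, DCOM and WMI services on the client.
    $filter = "Name='RpcSs' OR Name='RpcLocator' OR Name='DcomLaunch' OR Name='Winmgmt'"
    Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter $filter |
        ForEach-Object { $results["Service $($_.Name)"] = "$($_.State) / $($_.StartMode)" }
}
catch {
    # Access denied, RPC server unavailable, etc. end up here.
    $results['WMI over DCOM'] = "FAILED: $($_.Exception.Message)"
}
finally {
    if ($session) { Remove-CimSession $session }
}

$results.GetEnumerator() | Format-Table Name, Value -AutoSize
```

The AD FQDN resolution check from the list has to be run on the client itself, so it is not covered here.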
  • Matthew said:

    I have a number of users that seem 'stuck'--not getting purged from the UTM, even though they do not appear in STAS's "Show Live Users". I can't yet figure out how to purge these users, aside from perhaps rebooting the UTM.

    I resolved my issue of 'stuck' users by rebooting the UTM. Doesn't explain why it happens, unfortunately. Hope this helps someone else.

  • Hi Matthew,

    Try flushing the authentication cache next time before going for a restart. You can flush this by navigating through Definitions & Users>Authentication Services>Authentication Cache.

    Thanks

  • Unknown said:

    Try flushing the authentication cache next time before going for a restart. You can flush this by navigating through Definitions & Users>Authentication Services>Authentication Cache.

    Hi Sachin. Been there, done that. Multiple times. That function doesn't seem to do anything.