SOCKS5 authentication not working

I THOUGHT this would be simple enough - enable authentication in the UTM SOCKS options, add some users / groups, press apply. At least, that's what I did. Alas, it's not working.

Trying to get the good ol' Skype running using SOCKS. It works OK without authentication (i.e. if the auth is disabled on the UTM). If it's enabled, this is what I get in the log files:

2018:01:31-09:53:06 webadmin sockd[32496]: info: block(1): tcp/accept ]: 10.150.4.16.2307 10.150.1.34.1080: error after having read 21 bytes: access denied by AUA

2018:01:31-09:53:05 webadmin aua[32736]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.150.1.11 (radius)"
2018:01:31-09:53:05 webadmin aua[32736]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.150.1.16 (adirectory)"
2018:01:31-09:53:06 webadmin aua[32736]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.150.4.16" host="" user="admin" caller="socks" reason="DENIED"

Note that in the above example I'm trying to log in as the "admin" user, which was explicitly added as an allowed user to the SOCKS settings. I've also tried using AD groups, without success.

Any suggestions on what's going on?

EDIT:
I think this question is a duplicate of this topic: https://community.sophos.com/products/unified-threat-management/f/network-protection-firewall-nat-qos-ips/78491/strange-skype-and-socks5-behavior

At least, the same SOCKS authentication issue is described there. It seems it's a bug in Skype? Well, who would have known. :|

 


This thread was automatically locked due to age.
  • I just updated Skype to 7.40.0.104 and have no problems.  That looks like an incorrect password to me - what happens if you add a new user to SOCKS with a simple password?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'm really confused. I've got the same update as you (it's recent, isn't it?), and it... works, but doesn't? If this makes sense.

    With the SOCKS proxy enabled (with authentication) and regular firewall rules I created for Skype disabled, Skype seems to work... HOWEVER, looking at the log files, it still says that the authentication failed!

    2018:02:02-20:24:11 webadmin aua[3492]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
    2018:02:02-20:24:11 webadmin aua[3492]: id="3006" severity="info" sys="System" sub="auth" name="Child 28543 is running too long. Terminating child"
    2018:02:02-20:24:11 webadmin aua[28795]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.150.1.11 (radius)"
    2018:02:02-20:24:11 webadmin aua[28795]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.150.1.16 (adirectory)"
    2018:02:02-20:24:12 webadmin aua[28795]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.150.4.16" host="" user="mbender" caller="socks" reason="DENIED"

    Can you check the authentication logs? I've tried various name combinations (with domain, without and using a UTM account), all ending in a similar fashion.

    EDIT: In fact, it seems that Skype is now able to connect (or shows it's properly connected anyway) regardless of the authentication status. Perhaps it's using the 80/443 ports?

  • I think you're right, Mateusz.  I saw the same thing in the aua and sockd logs, so I did a tcpdump and only saw port 443 traffic.   I think I'll open a case with Support while I think about this situation.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
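
Added example (not part of any post in this thread, and not Sophos code): a small parser for the aua log lines quoted above that lists failed logins for caller="socks" together with the backends the same aua process tried first. The key="value" layout and the pairing of lines by process ID are assumptions drawn only from the lines quoted in the thread; the function name is hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the posts above, used here as sample input.
SAMPLE_LOG = """\
2018:01:31-09:53:06 webadmin sockd[32496]: info: block(1): tcp/accept ]: 10.150.4.16.2307 10.150.1.34.1080: error after having read 21 bytes: access denied by AUA
2018:01:31-09:53:05 webadmin aua[32736]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.150.1.11 (radius)"
2018:01:31-09:53:05 webadmin aua[32736]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.150.1.16 (adirectory)"
2018:01:31-09:53:06 webadmin aua[32736]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.150.4.16" host="" user="admin" caller="socks" reason="DENIED"
2018:02:02-20:24:11 webadmin aua[3492]: id="3006" severity="info" sys="System" sub="auth" name="Child 28543 is running too long. Terminating child"
2018:02:02-20:24:11 webadmin aua[28795]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.150.1.11 (radius)"
2018:02:02-20:24:11 webadmin aua[28795]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.150.1.16 (adirectory)"
2018:02:02-20:24:12 webadmin aua[28795]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.150.4.16" host="" user="mbender" caller="socks" reason="DENIED"
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<body>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')            # key="value" pairs in the body
TRYING_RE = re.compile(r'^Trying (\S+) \((\w+)\)$')  # e.g. Trying 10.150.1.11 (radius)

def failed_logins(log_text, caller="socks"):
    """Return one dict per failed login for `caller`, including the
    backends the same aua process (same PID) tried before the failure."""
    tried = defaultdict(list)   # aua pid -> [(server, backend type), ...]
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proc"] != "aua":
            continue            # skip sockd and any other daemon
        kv = dict(KV_RE.findall(m["body"]))
        name = kv.get("name", "")
        t = TRYING_RE.match(name)
        if t:
            tried[m["pid"]].append(t.groups())
        elif name == "Authentication failed" and kv.get("caller") == caller:
            failures.append({
                "time": m["ts"], "user": kv.get("user"),
                "srcip": kv.get("srcip"), "reason": kv.get("reason"),
                "backends": tried.pop(m["pid"], []),
            })
    return failures

if __name__ == "__main__":
    for f in failed_logins(SAMPLE_LOG):
        print(f)
```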