ADDS users locked out when connected via L2TP or PPTP RAS

Hi there,

we have several domain-joined Windows 7 PCs for home office which connect via Sophos RAS (PPTP & L2TP). The VPN user is authenticated against a RADIUS server (RSA token) behind the UTM 9.

All connections over the VPN in our domain work well without any hassles, but as soon as a user opens a network path, e.g. \\dc\netlogon, the user is locked out within seconds. This happens only when the VPN is used. The same PCs connected directly to the LAN have no problems at all. I tried a bunch of tools to log Kerberos traffic but have no clue what's going on. I don't see any firewall issue (e.g. TCP 88 / UDP blocked). Other PCs which are not domain members don't show this behaviour.

Firmware version: 9.304-9, Pattern version: 93760

Your help is highly appreciated!



  • Assuming you're using MS IAS/RADIUS for authentication, I would turn on extensive security logging on the DC and then look for account locked entries. That will tell you the source machine that is causing the lockout. Once you know that you can go to that machine, probably the RADIUS server, and start looking at why it's attempting so many logins and what credentials it's trying to send.
  • Hi hgriffith,

    thank you so much for your suggestion.

    Our RADIUS server is RSA; the origin of the lockouts is always a Windows 7 client, not the RADIUS server. I thought the lockouts came from cached bad passwords, but that is not the case. Authentication doesn't result in lockouts, but connections to the DC do.
  • In the past I've seen Outlook do this. And you're correct in that cached credentials usually causes the issue. But since you say it only happens via VPN, I would think it might be something to do with the credentials being used for the VPN itself. Maybe Windows is trying to use the VPN credentials for apps or the OS when trying to connect and that's causing the issue?
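As an added illustration of the diagnostic step hgriffith suggests (turn on security auditing on the DC, then find the account-locked entries and the machine that caused them), here is a PowerShell script that is not from the thread or from Sophos. It assumes you run it on a domain controller that records the lockouts (normally the PDC emulator) from an elevated prompt, and that the "User Account Management" audit subcategory is enabled so that Security event 4740 ("A user account was locked out") is written. The field names `TargetUserName` and `TargetDomainName` are the ones Windows uses in the 4740 event data; in this event the `TargetDomainName` field carries the caller computer name.

```powershell
# Added example (not from the thread): list AD account lockouts recorded on
# this DC and the machine that caused each one, as a starting point for the
# "which client is sending bad credentials?" question in the thread.
#
# Prerequisite (run once, elevated), otherwise event 4740 is never logged:
#   auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable

param(
    [string]$UserName = '*',   # restrict to one sAMAccountName, e.g. 'jdoe'
    [int]$Hours = 24           # how far back in the Security log to look
)

$since = (Get-Date).AddHours(-$Hours)

# Event 4740 = "A user account was locked out". Query it directly rather than
# reading the whole Security log.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = $since
} -ErrorAction SilentlyContinue

$lockouts = foreach ($e in $events) {
    # The rendered message has two "Account Name" lines (the Subject, which is
    # the DC itself, and the locked account), so read the structured event
    # data instead of regex-scraping the text.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time           = $e.TimeCreated
        Account        = $data['TargetUserName']   # the locked-out user
        CallerComputer = $data['TargetDomainName'] # "Caller Computer Name" in 4740
        DC             = $e.MachineName
    }
}

$filtered = $lockouts | Where-Object { $_.Account -like $UserName }

"Lockouts in the last $Hours h (newest first):"
$filtered | Sort-Object Time -Descending | Format-Table -AutoSize

# Summarise by source machine: the host with the most entries is the one to
# inspect next (in this thread's case, expected to be a Windows 7 VPN client).
"Lockouts per caller computer:"
$filtered | Group-Object CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize
```

Once the caller computer is identified, the matching failed logons on the DC (Kerberos pre-authentication failures, event 4771, or NTLM failures, event 4625, in the same time window) show which credentials the client actually presented and with which failure code, which is the evidence needed to decide whether the VPN credentials, cached domain credentials, or something else is being replayed against the DC.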