Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1021 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Login screen appears for Users after AD SSO is enabled

johanpot
After I enabled the Web proxy in SSO AD mode, about 70% of users could authenticate to the proxy without entering their username and password, thus the AD SSO is working for them.

a Pop up login screen appears at the other users whenever their browser is opened, if they enter their login details, the web browsing works.  This login isn't suppose to appear in SSO mode.

Please assist what the cause of the problem could be?

I'm running 2 ASG320 in active/active cluster mode, firmware:  7.403


This thread was automatically locked due to age.
  • 0
    Have you checked to see if the allowed users have an Astaro User Definition created by syncing with AD?  Are the other users ones which weren't already synced?  Or Users that pre-existed SSO in the Astaro and are listed as "Locally authenticated" in their User Definition? Or ???

    This is interesting.  I'm looking forward to seeing what is probably a simple answer that I should see already.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I defined two groups under the HTTP/S which are synced from active directory.

    The funny thing is, it all started working, but after a week everything went haywire, as nobody could authenticate anymore, all users got the authentication failed screen.

    I checked through the logs and the following appeared.  I would gladly appreciate it if you are able to help me as we had to switch off the proxy when this happened, because my whole company couldn't browse the internet anymore.

    Content filter:

    6-09:56:04 TasimaGateway-2 httpproxy[16050]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.10.0.66" user="lisa.kuhn" statuscode="407" cached="0" profile="REF_lHKOUWiiDD (Tasima Internet)" filteraction=" ()" size="2202" time="9 ms" request="0x832c608" url="www.gmail.com/favicon.ico" exceptions="" error=""
    2009:07:16-09:56:04 TasimaGateway-2 httpproxy[16050]: [ 0x835dd18] auth_adir_auth_crap_callback (auth_adir.c:877) Authorization denied (NT_STATUS_NO_LOGON_SERVERS)


    2009:07:16-07:38:34 TasimaGateway [daemon:err] winbindd[8682]:   rpc_api_pipe: Remote machine tasdc01.tasima.co.za pipe \NETLOGON fnum 0xc006returned critical error. Error was Call timed out: server did not respond after 10000 milliseconds
    2009:07:16-07:48:14 TasimaGateway [daemon:err] winbindd[8682]: [2009/07/16 07:48:14, 0] libsmb/clientgen.c:cli_receive_smb(111)

    HA log

    2009:07:16-11:00:54 TasimaGateway-1 ha_daemon[3174]: id="38A1" severity="warn" sys="System" sub="ha" name="Current load average 11.94 of node 2 is to high, please check you system!"
  • 0
    Try to rejoin Astaro to the domain and test a user