Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 42 replies
  • Subscribers 1 subscriber
  • Views 20563 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD BASE DN Problem

color_n
hello

i have problem with authenticating users over AD , they all pass my proxy filter 

2010:02:18-14:53:17 astaro httpproxy[31000]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.23.21" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="60 ms" request="0xa6cb0f00" url="googleads.g.doubleclick.net/.../test_domain.js" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""  

this is just an example , this is server configuration

BIND DN :
CN=Administrator,CN=Users,DC=mydomain,DC=local
BASE DN :
DC=mydomain,DC=local

do i need to create OU on AD , or just groups with users ? 

please advice how to solve this situation .

Thanks in advance


This thread was automatically locked due to age.
Parents
  • 0
    If you're still having the problem, please show new lines from the 'Content Filter (HTTP)' log and a new picture of the edit of the "Proxy1 AD" group.

    Bob I had the same issue ,what should the exact name be? Should we delete all users and just edit the first line with ?

    I don't understand this question.  Backend groups authenticated with AD don't have any users listed in them.  The issue in this thread is that, in defining the Astaro Backend Group, the drag-and-drop brings over the whole distinguished name instead of just the AD group name.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    hy

    exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:20-10:42:55 astaro httpproxy[20046]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.130" user="" statuscode="200" cached="0" profile="REF_lOFVfIkFUA (Proxy1 AD)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="26046" time="635 ms" request="0xb1e99278" url="www.facebook.com/" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:20-10:42:57 astaro httpproxy[20046]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.130" user="" statuscode="200" cached="0" profile="REF_lOFVfIkFUA (Proxy1 AD)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="31474" time="186 ms" request="0xb1e99278" url="b.static.ak.fbcdn.net/.../aiu2gxi8.js" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:20-10:42:57 astaro httpproxy[20046]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.130" user="" statuscode="200" cached="0" profile="REF_lOFVfIkFUA (Proxy1 AD)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="53529" time="216 ms" request="0xb1e05340" url="b.static.ak.fbcdn.net/.../a51vav1u.css" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:20-10:42:59 astaro httpproxy[20046]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.130" user="" statuscode="200" cached="0" profile="REF_lOFVfIkFUA (Proxy1 AD)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="155569" time="426 ms" request="0xb1e99278" url="b.static.ak.fbcdn.net/.../5j3aple8.js" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error="" 

    i have changed only group definition ,here are screenshots, cheers.
Reply Children
No Data