
AD BASE DN Problem

Hello,

I have a problem with authenticating users over AD; they all pass my proxy filter.

2010:02:18-14:53:17 astaro httpproxy[31000]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.23.21" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="60 ms" request="0xa6cb0f00" url="googleads.g.doubleclick.net/.../test_domain.js" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""  

This is just an example. This is the server configuration:

BIND DN :
CN=Administrator,CN=Users,DC=mydomain,DC=local
BASE DN :
DC=mydomain,DC=local

Do I need to create an OU on AD, or just groups with users?

Please advise how to solve this situation.

Thanks in advance


  • Hi, it is part of the domain. It was functioning for a few days, then it stopped; I don't know why. I will send you all the screenshots later today so you can maybe see where my mistake is.
  • I have the same issue when using exceptions; sometimes it goes to the default filter action. Try another user without any exceptions.
    Also check the Astaro time and the DC server time.
  • Also, please show the relevant lines from the 'User authentication daemon' log.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Here are the screenshots. I didn't find anything on the 'User authentication daemon', just logins from VPN authentication.

    Here are the logs:

    2010:02:19-07:55:04 astaro httpproxy[6806]: [0xa8ddce88] ssl_log_errors (ssl.c:41) C: 6806:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:842:
    2010:02:19-07:55:04 astaro httpproxy[6806]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.137" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="9 ms" request="0xa8ddc798" url="www.jutarnji.hr/.../jutarnjiOnline.jpg" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:19-07:55:04 astaro httpproxy[6806]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.137" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="10 ms" request="0xa8ddc9f0" url="www.jutarnji.hr/.../berlin_249938S4.jpg" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:19-07:55:04 astaro httpproxy[6806]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.137" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="4 ms" request="0xa8ddc798" url="www.jutarnji.hr/.../srdarev_249852S4.jpg" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:19-07:55:04 astaro httpproxy[6806]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.137" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="4 ms" request="0xa8ddc9f0" url="www.jutarnji.hr/.../hemon_249858S4.jpg" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:19-07:55:04 astaro httpproxy[6806]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.137" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="5 ms" request="0xa8ddc798" url="www.jutarnji.hr/.../sade_249871S4.jpg" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:19-07:55:04 astaro httpproxy[6806]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.137" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="4 ms" request="0xa8ddc9f0" url="www.jutarnji.hr/.../ikonografija_249611S4.jpg" exceptions="av,auth,content,url,certcheck,certdate,mime,cache" error=""
    2010:02:19-07:55:04 astaro httpproxy[6806]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.137" user="" statuscode="304" cached="0" profile="REF_OIKbLRYudm (AD_proxy users)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="0" time="4 ms" request="0xa8ddc798" url="www.jutarnji.hr/.../teen385_filmovi_242654S0.jpg" exceptions="av,auth,content,url,certcheck,certdate,mime,cache"
  • It appears from your photos that there is a filter assignment called Proxy1 AD (you didn't attach the photo of this assignment). The user from the log doesn't belong to the group that is defined in this filter, so the fallback action is applied instead.
    Check the group and the user; remove the authentication exception for the site Jutarnji.hr, so you can see the user name.
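
Added example (not part of the original thread or of any poster's message): a small triage script for access lines like the ones posted above. Per source IP, it counts requests that passed with an empty user field and splits them by whether `auth` appears in the exceptions field, which the reply above treats as an authentication exception; the sample lines, addresses and user names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the key="value" layout of the httpproxy lines in this
# thread; addresses, user names and URLs are made up for the example.
_BASE = ('2010:02:19-07:55:04 astaro httpproxy[6806]: id="0001" severity="info" '
         'sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" '
         'srcip="{ip}" user="{user}" statuscode="304" '
         'filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" '
         'url="news.example.test/{n}.jpg" exceptions="{exc}" error=""')
SAMPLE_LOG = "\n".join([
    _BASE.format(ip="192.0.2.10", user="", n=1, exc="av,auth,content,url"),
    "2010:02:19-07:55:04 astaro httpproxy[6806]: ssl_log_errors (ssl.c:41) handshake failure",
    _BASE.format(ip="192.0.2.10", user="", n=2, exc="av,auth,content,url"),
    _BASE.format(ip="192.0.2.20", user="jdoe", n=3, exc=""),
    _BASE.format(ip="192.0.2.30", user="", n=4, exc=""),
])

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one http access line, or None."""
    if "httpproxy[" not in line or 'name="http access"' not in line:
        return None
    return dict(FIELD_RE.findall(line))

def triage(log_text):
    """Per source IP, count passed requests that carry no user name."""
    findings = defaultdict(lambda: {"auth_exception": 0, "no_exception": 0,
                                    "filteractions": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec.get("action") != "pass" or rec.get("user"):
            continue  # not an access line, not passed, or already identified
        # Assumption taken from the thread: "auth" in exceptions means the
        # request matched an authentication exception, so no user is logged.
        skipped = rec.get("exceptions", "").split(",")
        kind = "auth_exception" if "auth" in skipped else "no_exception"
        entry = findings[rec.get("srcip", "?")]
        entry[kind] += 1
        entry["filteractions"].add(rec.get("filteraction", ""))
    return dict(findings)

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        print(ip, info["auth_exception"], info["no_exception"],
              sorted(info["filteractions"]))
```

Addresses counted under `no_exception` passed without a user name even though no authentication exception matched, which is where the profile and group assignment are worth checking first.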
  • I think techuser means to check your AD server to be sure that the user at IP="10.0.0.137" is a member of the Proxy1 AD group.  If that IP is in "Internal (Network)" but not in "lan_mreza_A_klasa" then that would be the cause of your problem.

    Cheers - Bob
     
  • I mean check if this user belongs to the group that is defined in the filter assignment called "Proxy1 AD", because even if the IP address of the PC is in "lan_mreza_A_klasa" and the user is not in any group, such an error will appear.
  • Hi everyone,

    I have tried everything, but the problem is the same. That user is in the group Proxy1 on the domain, but when I try to check it, it gives me an error (see picture).
    I have checked the network setting LAN_A_mreza (it is a class subnet), but the problem is the same. This is the user auth log:

    2010:02:22-16:46:15 astaro aua[30444]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="10.0.0.232" user="bpetak" caller="webadmin" engine="local"
    2010:02:22-16:57:18 astaro aua[30746]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="0.0.0.0" user="jmartinac" caller="pptp" engine="local"
    2010:02:22-16:57:26 astaro aua[30768]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="10.0.0.232" user="bpetak" caller="webadmin" engine="local"
    2010:02:22-19:42:12 astaro aua[4203]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="0.0.0.0" user="saguaro" caller="pptp" engine="local"
    2010:02:22-19:42:32 astaro aua[4229]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="10.242.1.2" user="admin" caller="webadmin" engine="local"
    2010:02:22-19:44:26 astaro aua[4291]: id="3006" severity="info" sys="System" sub="auth" name="Spawned child for authentication test"
    2010:02:22-19:44:26 astaro aua[4291]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test request: m:adirectory, f:none, u:zgzad_salter1, ip:"
    2010:02:22-19:44:26 astaro aua[4291]: id="3006" severity="info" sys="System" sub="auth" name="Testing method adirectory"
    2010:02:22-19:44:26 astaro aua[4291]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.0.0.240 (adirectory)"
    2010:02:22-19:44:26 astaro aua[4291]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test failed: User could not be authenticated" 

    How is it that the user isn't recognised?
  • What did you put in the Base DN?