This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD-SSO not working

Hello,

I am trying to configure AD-SSO with Astaro using Proxy. I searched a lot looking for a step-by step document explaining what exactly should i do but could not find much. All i got was the below document specified in the url:

http://www.sophos.com/en-us/support/knowledgebase/2550/2450/3850/115659.aspx

I have followed the steps in the url and configured it. Now when i click on test user in the Webadmin ( Definition & Users>Authentication Servers>Base DN) by giving my credentials it tests ok. i tried giving wrong credentials also it contacts AD and gave error of wrong credentials. So this seems to be working..Previously i was running Transparent Mode with No Authentication that i changed to Standard Mode with AD-SSO Authentication.

Now i have only allowed my user and restricted all other users for testing. I configured IE with Proxy of Astaro's internal address with port 8080.. That's not working.. As i tried to surf i was allowed internet, that's fine as i allowed my user, but then i logged in with different user which is blocked but still Internet was available and he could surf everything.

So please let me know if i am missing anything in configuration, or if anybody has a guide explaining step by step procedure what needs to be done in Astaro, AD server and Client Browser side then please share.

This thread was automatically locked due to age.

Parents

0 dhyanesh.mehta over 13 years ago

Hello Achim,

Thanks a lot for the reply. Answers to your questions:
I have not ticked the limit to backend membership. Is it critical to do so? if you can explain what is it used for and what difference will it make then it will clear our confusion.

Currently we have Transparent mode with no authentication. We have created separate profiles according to departments and have added machines with their IP address in to the respective profiles. But we want to change it to User based hence trying AD-SSO.

User field is blank in the http proxy log file when AD-SSO is configured.

Also just want to know there should be a pop-up for credentials in the browser once the proxy is setup in that browser correct? I mean due to SSO if i am logged in to my system and opening the browser then it might take my credentials from my system but suppose i am using another system then while opening browser should ask for credentials right? once i provide right credentials then only it should allow me access to webpages, isnt it?

Please let me know if any more information is needed from my side. I will really appreciate your help.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dhyanesh.mehta over 13 years ago

Hello Achim,

Thanks a lot for the reply. Answers to your questions:
I have not ticked the limit to backend membership. Is it critical to do so? if you can explain what is it used for and what difference will it make then it will clear our confusion.

Currently we have Transparent mode with no authentication. We have created separate profiles according to departments and have added machines with their IP address in to the respective profiles. But we want to change it to User based hence trying AD-SSO.

User field is blank in the http proxy log file when AD-SSO is configured.

Also just want to know there should be a pop-up for credentials in the browser once the proxy is setup in that browser correct? I mean due to SSO if i am logged in to my system and opening the browser then it might take my credentials from my system but suppose i am using another system then while opening browser should ask for credentials right? once i provide right credentials then only it should allow me access to webpages, isnt it?

Please let me know if any more information is needed from my side. I will really appreciate your help.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data