Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 26 replies
  • Subscribers 1 subscriber
  • Views 9242 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSO issue

PeterRL
Hi All,

I´m posting on the forum for the first time, so please excuse in advance, if the information posted is not enough.

I´m currently installing a UTM 9.006-5 and i need it to use SSO in a Explict Proxy mode, but for some reason, the SSO isn´t working.

The AD is 2008 R2, and i´ve several events like this ones:

http" request="0x88354e0" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="841" message="Authorization denied (NT_STATUS_ACCESS_DENIED)" 

The UTM was added to the AD without any problem. I even rejoin the UTM (deleting the previous object on AD first), but still no luck.

Let me know please, and thanks in advance.


This thread was automatically locked due to age.
Parents
  • 0
    What related lines do you see in the Web Filtering log? Winbindd errors?  crap_callback?  Please show us several related lines.

    Cheers - Bob
  • 0 in reply to BAlfson
    Here's log file:

    2013:05:08-14:56:40 BOWSPUTM42501-2 httpproxy[5197]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x92cf6e8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="841" message="Authorization denied (NT_STATUS_ACCESS_DENIED)"
    2013:05:08-14:56:40 BOWSPUTM42501-2 httpproxy[5197]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.50.1.144" dstip="" user="newtona" statuscode="407" cached="0" profile="REF_HttProIctItDefau (ICT IT Default)" filteraction=" ()" size="2409" request="0x92cf6e8" url="www.google.co.uk/" exceptions="" error=""
    2013:05:08-14:56:52 BOWSPUTM42501-2 httpproxy[5197]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x92cf6e8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="841" message="Authorization denied (NT_STATUS_ACCESS_DENIED)"
    2013:05:08-14:56:52 BOWSPUTM42501-2 httpproxy[5197]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.50.1.144" dstip="" user="newtona" statuscode="407" cached="0" profile="REF_HttProIctItDefau (ICT IT Default)" filteraction=" ()" size="2409" request="0x92cf6e8" url="www.google.co.uk/favicon.ico" exceptions="" error=""

    I currently have Filter actions called ICT dept and ICT dept lunch with varying rules for both, more freedom during lunch for social media etc.

    I then have filter assignments called the same which define the allowed groups, time events and filter action.

    In proxy profiles I then have ICT at the top with both of the filter assignments included allowing any IPv4 with operation mode standard and Authentication set to Active directory. 
    Below that is the default profile with the default content filter profile and default fallback with the same networks and authentication method.

    My test filtering group in Definitions & Users > Users & Groups includes the ICTIT and ICTSQL, AD groups of which my user account is a member of that is getting the above error.

    We're on FW 9.006-5

    Thanks
Reply
  • 0 in reply to BAlfson
    Here's log file:

    2013:05:08-14:56:40 BOWSPUTM42501-2 httpproxy[5197]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x92cf6e8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="841" message="Authorization denied (NT_STATUS_ACCESS_DENIED)"
    2013:05:08-14:56:40 BOWSPUTM42501-2 httpproxy[5197]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.50.1.144" dstip="" user="newtona" statuscode="407" cached="0" profile="REF_HttProIctItDefau (ICT IT Default)" filteraction=" ()" size="2409" request="0x92cf6e8" url="www.google.co.uk/" exceptions="" error=""
    2013:05:08-14:56:52 BOWSPUTM42501-2 httpproxy[5197]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x92cf6e8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="841" message="Authorization denied (NT_STATUS_ACCESS_DENIED)"
    2013:05:08-14:56:52 BOWSPUTM42501-2 httpproxy[5197]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.50.1.144" dstip="" user="newtona" statuscode="407" cached="0" profile="REF_HttProIctItDefau (ICT IT Default)" filteraction=" ()" size="2409" request="0x92cf6e8" url="www.google.co.uk/favicon.ico" exceptions="" error=""

    I currently have Filter actions called ICT dept and ICT dept lunch with varying rules for both, more freedom during lunch for social media etc.

    I then have filter assignments called the same which define the allowed groups, time events and filter action.

    In proxy profiles I then have ICT at the top with both of the filter assignments included allowing any IPv4 with operation mode standard and Authentication set to Active directory. 
    Below that is the default profile with the default content filter profile and default fallback with the same networks and authentication method.

    My test filtering group in Definitions & Users > Users & Groups includes the ICTIT and ICTSQL, AD groups of which my user account is a member of that is getting the above error.

    We're on FW 9.006-5

    Thanks
Children
No Data