Hi,
I'm running a 2-node cluster of ASG220s (new firmware 9.103-5). Our AD server(s) are Windows 2008 R2. I've got authentication working using port 389 but I'd like to encrypt these communications. When I try to tick the box and change the port to 636, the test fails. I read the following article:
Configuring HTTP/HTTPS proxy access with AD SSO with a Sophos UTM
In it, it says "It is likely that you will want to leave the 'SSL' box unchecked and the 'Port' unchanged at 389."
Why? I see in my Event Logs on the DC warningevery 24 hours or so:
[FONT="Courier New"]Event 2887: ActiveDirectory_DomainService
During the previous 24 hour period, some clients attempted to perform LDAP binds that were either:
(1) A SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP bind that did not request signing (integrity validation), or
(2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection[/FONT]
Does anyone have any more info on how to configure this properly? I am assuming it might have something to do with using a self-signed certificate on the AD servers? Is there some way to import this cert to the ASG so it validates? (if that's even the issue...)
Thanks!
This thread was automatically locked due to age.
