Sophos UTM - Active Directory


#1

Hello,

First time posting here :). I am having some difficulty getting Sophos UTM working with my local Active Directory domain. I have followed the instructions available on the Duo site and I can authenticate with my Duo proxy which is configured with ‘[radius_server_auto]’ and which returns ‘server test passed’. I also have a ‘[cloud]’ section in the config file which allowed for AD Sync on the Duo website (this also works fine). If I however try to do a test authentication with an AD account through the Sophos UTM and select ‘ssl’ as ‘nas’ identifier, the following event is thrown ‘Radius authentication failed’ and ‘No groups have been found for this user’. What am I missing here?

Example of [ad_client]
[ad_client]
host=192.168.1.1
service_account_username=name
service_account_password=password
search_dn=CN=Users,DC=corp,DC=domain,DC=com
security_group_dn=CN=VPNUsers,CN=Users,CN=corp,CN=domain,CN=com

Any help you can offer up would be much appreciated :).

Les


#2

A quick thought is to try it without the security_group_dn specified.

Second thought - are you assigning access profiles based on LDAP group membership? RADIUS using ad_client won’t be able to return groups info from AD to your UTM.

If that’s the case, please contact Duo Support for 1:1 assistance.
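As an added illustration (not code from the thread, from Duo, or from Sophos) for the [ad_client] section in post #1 and the group-membership point in post #2, the following Python linter parses an authproxy.cfg-style [ad_client] section and checks that the domain part of each DN is written with DC= components rather than CN=, and that security_group_dn sits in the same domain as search_dn. The sample configuration is constructed with placeholder values; the first copy reproduces the CN=corp,CN=domain,CN=com mistake, the second is the corrected form. The DN splitter assumes plain DNs with no escaped commas in values.

```python
import configparser
import re

# Constructed sample modelled on the [ad_client] section in post #1 (placeholders,
# not a real environment). The security_group_dn spells the domain with CN=.
SAMPLE_CFG = """
[ad_client]
host=192.168.1.1
service_account_username=name
service_account_password=password
search_dn=CN=Users,DC=corp,DC=domain,DC=com
security_group_dn=CN=VPNUsers,CN=Users,CN=corp,CN=domain,CN=com
"""

# Same section with the domain components written as DC=.
FIXED_CFG = """
[ad_client]
host=192.168.1.1
service_account_username=name
service_account_password=password
search_dn=CN=Users,DC=corp,DC=domain,DC=com
security_group_dn=CN=VPNUsers,CN=Users,DC=corp,DC=domain,DC=com
"""

# Attribute types commonly seen in AD distinguished names.
RDN_RE = re.compile(r"^(CN|OU|DC|O|L|ST|C|UID)=(.+)$", re.IGNORECASE)


def split_dn(dn):
    """Split a DN into (TYPE, value) pairs. Assumption: no escaped commas in values."""
    parts = []
    for rdn in dn.split(","):
        m = RDN_RE.match(rdn.strip())
        if not m:
            raise ValueError(f"malformed RDN: {rdn!r}")
        parts.append((m.group(1).upper(), m.group(2)))
    return parts


def domain_suffix(dn_parts):
    """Return the trailing run of DC= values, i.e. the domain the DN belongs to."""
    suffix = []
    for typ, val in reversed(dn_parts):
        if typ != "DC":
            break
        suffix.append(val)
    return tuple(reversed(suffix))


def lint_ad_client(cfg_text):
    """Return a list of findings for the [ad_client] section in cfg_text."""
    # Only '=' is a delimiter so that ':' in values (e.g. IPv6 hosts) is not split on.
    cp = configparser.ConfigParser(delimiters=("=",))
    cp.read_string(cfg_text)
    sec = cp["ad_client"]
    findings = []

    for key in ("host", "service_account_username",
                "service_account_password", "search_dn"):
        if not sec.get(key):
            findings.append(f"{key}: required but missing")
    if findings:
        return findings

    base_domain = domain_suffix(split_dn(sec["search_dn"]))
    if not base_domain:
        findings.append("search_dn: no DC= components; "
                        "the domain part must use DC=, not CN=")

    group_dn = sec.get("security_group_dn")
    if group_dn:
        group_domain = domain_suffix(split_dn(group_dn))
        if not group_domain:
            findings.append("security_group_dn: no DC= components; "
                            "the domain part must use DC=, not CN=")
        elif group_domain != base_domain:
            findings.append("security_group_dn: domain suffix differs from search_dn")

    # Note (per post #2): a clean result only means the DNs are well formed and
    # consistent; RADIUS via ad_client still does not return AD group membership
    # to the UTM, so group-based access profiles need a different approach.
    return findings


if __name__ == "__main__":
    for name, cfg in (("as posted", SAMPLE_CFG), ("corrected", FIXED_CFG)):
        print(name, "->", lint_ad_client(cfg) or "no findings")
```

Run it as a script to see the single finding on the posted form and none on the corrected one. The check is deliberately syntactic: it catches DNs that LDAP would reject outright, but it cannot tell whether the group or user container actually exists in the directory.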