Solved

Sonicwall SSO

Posted on 2016-09-05
Last Modified: 2016-09-14
I have wireless users authenticating to our Sonicpoints with their AD credentials through a RADIUS server with no problems.

I have the Sonicwall SSO agent installed and connecting the Sonicwall and our DC.
 
I have our Sonicwall sending logs to a SysLog server with no problems.

However, I cannot see any authenticated users' traffic appearing in the syslogs?

Any help would be greatly appreciated.
Question by:matedwards
11 Comments
 
LVL 8

Expert Comment

by:J Spoor
ID: 41784976
Is SSO enforced on the zone?
Are the users logging into the DC?
Is file & print sharing enabled and allowed in the Windows firewall for at least the SSO agent?
 

Author Comment

by:matedwards
ID: 41785225
Many thanks jspoor.

SSO is enforced on the wireless zone.

Users can log in with their AD credentials. The Sonicpoint is configured to pass the credentials to a RADIUS server that authenticates against a DC.

The firewall of the DC is turned off for now to get the SSO working.

When I 'check agent connectivity' it all works. When I 'check user' I only get the option 'netAPI', not 'From the Domain Controller' or 'Both' (below), and get a [53] network path not found error.

Also, does this mean every client joined to the wireless zone has to have its firewall turned off?

[Attachment: netAPI.png]
 
LVL 8

Expert Comment

by:J Spoor
ID: 41785231
If users log in via RADIUS, their IP is not in the DC security logs, so you need the agent to do NetAPI to the end station.

Use the check user test to see if the agent can query the end station.
LVL 8

Expert Comment

by:J Spoor
ID: 41785233
Error 53 usually means the Windows firewall is blocking NetAPI queries.
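Added example, not from the thread or from SonicWall: rather than switching the Windows firewall off on every wireless client, scope an inbound rule so that only the SSO agent host can reach the ports the NetAPI (file and print sharing) query uses. The agent address 10.0.0.20 and the rule name are assumptions; run it elevated on a Windows client, or push the equivalent rule via Group Policy.

```powershell
# Added example (not from the thread): allow only the SonicWall SSO agent host
# to reach the ports the NetAPI query uses (SMB over TCP 445, NetBIOS session
# TCP 139). Every other inbound connection stays blocked by the existing policy.
# ASSUMPTION: the SSO agent runs on 10.0.0.20; replace with your agent's address.
$AgentHost = '10.0.0.20'
$RuleName  = 'SonicWall SSO agent NetAPI (scoped file and print sharing)'

# Remove any earlier copy so re-running the script is idempotent.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Inbound allow rule limited to the agent host on the domain/private profiles.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 445,139 `
    -RemoteAddress $AgentHost -Profile Domain,Private -Enabled True | Out-Null

# Verify: the rule exists, is enabled, and is scoped to the agent host only.
$rule  = Get-NetFirewallRule -DisplayName $RuleName
$addrs = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
$ports = ($rule | Get-NetFirewallPortFilter).LocalPort
"Rule '{0}' enabled={1} remote={2} ports={3}" -f $rule.DisplayName, $rule.Enabled,
    ($addrs -join ','), ($ports -join ',')
```

After applying it, confirm from the agent host with `Test-NetConnection -ComputerName <client> -Port 445` and re-run the agent's "check user" test. If the client classifies the wireless network as Public, add `Public` to `-Profile` or the rule will not apply. As the thread notes, NetAPI only works against Windows stations; macOS, Linux and Chrome clients still need another identification path such as the web login page in the accepted answer.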
 

Author Comment

by:matedwards
ID: 41785238
Is there a way of getting the user to authenticate straight to the DC (LDAP), not via a RADIUS server?

The Sonicpoint only shows how to configure WPA2-AUTO-EAP and RADIUS Server settings.
 

Author Comment

by:matedwards
ID: 41785244
I can query an end station if it is Windows (not Mac, Linux, or Chrome) and I turn off its firewall.
 
LVL 8

Accepted Solution

by: J Spoor (earned 500 total points)
ID: 41785258
You can have them log in to the firewall web UI:
if, in the LDAP config, you set the default group to Trusted Users,
then create a WLAN to WAN firewall rule for service HTTP with users Trusted Users; when not authenticated they will get a login page.
 

Author Comment

by:matedwards
ID: 41785264
Will try first thing tomorrow. Thanks again for all your advice.
 

Author Comment

by:matedwards
ID: 41785828
A little confused as to what actually authenticates the user?

The LDAP + Local users authentication works in the Sonicwall.

But the sonicpoints themselves only have configuration for RADIUS not LDAP. (below)

[Attachment: radius.JPG]
 
LVL 8

Expert Comment

by:J Spoor
ID: 41785863
The screenshot is to authenticate the client via 802.1x to the Access Point, not to the firewall (at this moment in time).

The SSO process or login to the web UI will authenticate the user to the firewall.
 

Author Closing Comment

by:matedwards
ID: 41798259
The users are presented with a login web page for authentication, and their names appear in the logs once they log in.