SSO - Users getting logged on with a domain admin account

FB running: 12.10.3, SSO Agent: 12.4.0.31209. For some reason, the SSO is logging people in with a single domain admin user account. If I log them off, they pop right back in again as that same domain user. We have looked for services that might be accessing the computers with that username but we can't find any. As far as we know, there are no services or scanners that would be accessing these computers continually with that username. What else might cause the SSO to log everyone in with that domain admin account? Since we don't allow the domain admins to use the internet, everyone is losing connection. Any ideas?

TIA!

"MC"

Comments

  • Another observation: In the status window on the Agent Configuration Tools, it is showing 2 logon types, one is ELM and the other is AD. All of the ELM IPs are showing the correct usernames. Some of the AD ones are correct as well but the others are all showing that same domain admin account. Where is it getting that domain admin user from?

  • james.carson Moderator, WatchGuard Representative

    Please consider upgrading the Authentication Gateway (the agent & event log monitor) -- the version you're running is very old, and quite a few issues that have popped up via Windows updates have been fixed.

    (Authentication Gateway 12.10.2)
    https://cdn.watchguard.com/SoftwareCenter/Files/SSO_AGENT_CLIENT/12_10_2/WG-Authentication-Gateway_12_10_2.exe
    Released 02/08/2024 · SHA1 6b85f1ea17d58dc6381dfa7ca5c257e3a0d7982e

    -James Carson
    WatchGuard Customer Support

  • Thanks. We will give that a shot. I'll update if that works.