Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Why are some users foreced to Rebind

SteveWSteveW Newbie ✭

Hi All

We have a pair of 2650s in HighAvailability config with about 300 users.

About 3 months ago we implemented MFA with LDAP lookup to an AD DC for authentication.

We are now seeing 10-15 users a week who have to rebind the TOTP.

What might be causing this and how do we fix it?

Category: SSL VPN
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    What is providing MFA the Sonicwall? What firmware version are you running?

    I havent seen this with MFA provided by Sonicwall specifically, but ran into an issue where an old password change policy was set when users were first imported, then the password policy was disabled, but would still be enforced on users that were imported when it was enabled. On a 2650 on 6.5.4.8.

    A little bit convoluted explanation, but might help. Is / was there a policy for MFA expiration?

  • SteveWSteveW Newbie ✭

    Thanks for the swift reply.


    It is SonicOS Enhanced 6.5.4.11-97n and authentication is with Google Authenticator.

    I thought that this may be related to password chaging, however, users are given to option to change their password if it has expired, and I'm seeing this on users who had changed their password several weeks ago.

    I can only see a session expiration date currently set at the maximum of 168 hours

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    I've never run into this, but note I do not allow users to change their passwords through the Sonicwall.

    Might be time to open a ticket with support.

Sign In or Register to comment.