
Configure a Novell eDirectory compatible STAS

Sophos Firewall supports single sign-on (SSO) authentication for Novell's eDirectory through Sophos Transparent Authentication Suite (STAS). Once users are authenticated, STAS grants them access to resources.

Introduction

In this example, you want to configure STAS and Sophos Firewall to authenticate users with the Novell eDirectory server.

Configure Novell eDirectory settings in STAS

  1. Sign in to the server with the STAS application using the administrator credentials.
  2. Start STAS from the desktop or Start menu.
  3. Go to General > Monitored Domains.
  4. For Domain Type, select Novell eDirectory.

    Set Domain Type to Novell eDirectory

  5. Click the ellipsis button [...] to open the Novell eDirectory Configuration window.

    Click ellipses to open the eDirectory configuration window

  6. Specify the following example settings:

    Parameter    Value                        Description
    IP address   192.168.2.10                 IP address of the eDirectory server.
    Port         389                          The port on which STAS will communicate with eDirectory.
    Base DN      o=sophos                     The top level of the LDAP directory tree.
    Admin DN     cn=administrator,o=sophos    The administrator's identification.
    Password     Sophos123!                   The administrator's password.

    Configure the Novell eDirectory settings

  7. Click Test Connection to test the connectivity with the server.

  8. Click OK.
  9. Go to STA Agent and select EDIRECTORY as the STA Agent mode.
  10. Go to Monitored Networks, click Add, and enter the networks to be monitored.

    Here's an example:

    Select EDIRECTORY as the STA Agent mode

  11. Go to STA Collector > Sophos Appliances and click Add.

  12. Enter the IP addresses of the Sophos Firewall appliances in the network.

    Here's an example:

    Enter the IP address of the Sophos Firewall

  13. Click OK.
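
The values entered in step 6 can be sanity-checked offline before Test Connection in step 7. The following is an added example, not part of STAS or the Sophos documentation; the function names are hypothetical, and it assumes that the Admin DN sits below the Base DN (as in the example values) and that DNs use the comma-separated form shown above rather than a dot-separated one.

```python
import ipaddress
import re

def split_dn(dn):
    """Split an LDAP DN into RDNs on commas that are not backslash-escaped."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
    rdns.append(cur.strip())
    return rdns

def parse_dn(label, dn, problems):
    """Return normalized (attr, value) pairs, or None after recording a problem."""
    pairs = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            problems.append(f"{label}: {rdn!r} is not in attr=value form")
            return None
        if re.search(r"\.\w+=", value):  # heuristic: cn=admin.o=org dotted style
            problems.append(f"{label}: {rdn!r} looks dot-separated, expected commas")
            return None
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def check_settings(ip, port, base_dn, admin_dn):
    """Return a list of problems with the step 6 values; an empty list means OK."""
    problems = []
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        problems.append(f"IP address: {ip!r} is not a valid address")
    if not (isinstance(port, int) and 1 <= port <= 65535):
        problems.append(f"Port: {port!r} is not in 1-65535")
    base = parse_dn("Base DN", base_dn, problems)
    admin = parse_dn("Admin DN", admin_dn, problems)
    # Assumption: the admin object lives below Base DN, as in the page's example.
    if base and admin and (len(admin) <= len(base) or admin[-len(base):] != base):
        problems.append("Admin DN: not located under Base DN")
    return problems

# Values from the example table in step 6, with the Admin DN on one line.
EXAMPLE = ("192.168.2.10", 389, "o=sophos", "cn=administrator,o=sophos")
```

An empty list from check_settings(*EXAMPLE) only means the values are well-formed; Test Connection is still what confirms that the server accepts the bind.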

Configuring Sophos Firewall

  1. Sign in to the command line using Telnet or SSH. You can also access it from admin > Console in the upper-right corner of the web admin console.
  2. Choose option 4. Device Console.
  3. Enter the following commands:

    1. system auth cta disable
    2. system auth cta enable
    3. system auth cta collector add collector-ip <ipaddress> collector-port <port number> create-new-collector-group
    4. system auth cta show


    Here's an example:

    Use these commands on Sophos Firewall
