Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Configure a Novell eDirectory compatible STAS

Sophos Firewall supports single sign-on (SSO) authentication for Novell's eDirectory through Sophos Transparent Authentication Suite (STAS). Once users are authenticated, STAS grants them access to resources.

Introduction

In this example, you want to configure STAS and Sophos Firewall to authenticate users with the Novell eDirectory server.

Configure Novell eDirectory settings in STAS

  1. Sign in to the server with the STAS application using the administrator credentials.
  2. Start STAS from the desktop or Start menu.
  3. Go to General > Monitored Domains.
  4. For Domain Type, select Novell eDirectory.

    Set Domain Type to Novell eDirectory.

  5. Click the ellipses button [...] to open the Novell eDirectory Configuration window.

    Click ellipses to open the eDirectory configuration window.

  6. Specify the following example settings:

    Parameter Value Description
    IP address 192.168.2.10 IP address of the eDirectory server.
    Port 389

    The port on which STAS will communicate with eDirectory.

    Secure LDAP port 636 isn't supported.

    Base DN o=sophos The top level of the LDAP directory tree.
    Admin DN cn=administrator,
    o=sophos
    The administrator's identification.
    Password Sophos123! The administrator's password.

    Configure the Novell eDirectory settings.

  7. Click Test Connection to test the connectivity with the server.

  8. Click OK.
  9. Go to STA Agent and select EDIRECTORY as the STA Agent mode.
  10. Go to Monitored Networks, click Add, and enter the networks to be monitored.

    Here's an example:

    Select EDIRECTORY as the STA Agent mode.

  11. Go to STA Collector > Sophos Appliances and click Add.

  12. Enter the IP addresses of the Sophos Firewall appliances in the network.

    Here's an example:

    Enter the IP address of the Sophos Firewall.

  13. Click OK.

Configuring Sophos Firewall

  1. Sign in to the command line using Telnet or SSH. You can also access it from admin > Console in the upper-right corner of the web admin console.
  2. Choose option 4. Device Console.
  3. Enter the following commands:

    1. system auth cta disable
    2. system auth cta enable
    3. system auth cta collector add collector-ip <ipaddress> collector-port <port number> create-new-collector-group
    4. system auth cta show

    Here's an example:

    Use these commands on Sophos Firewall.

More resources