Security policy not matching for CP authenticated LDAP users

vishnusj1810 — Sat, 04 Jan 2025 10:44:13 GMT

Objective: Configure Captive portal for non-windows users to authenticate, but use AD credentials through LDAP authentication.

Configuration performed.

1. LDAP profile, Group mapping settings, server monitoring. (test command authentication is successful in CLI)

2. Captive Portal config - Authentication portal setting / Certificates / SSL profile /call LDAP profile for auth

3. Authentication Policy - redirect 'unknown' users to captive portal.

4. Security policy configured to match the AD group

Testing Observation:

1. Ubuntu user redirected to captive portal successfully

2. Credentials authenticated via LDAP.

3. Can see ip-user-mapping for the user.

4. Security policy not matching the user traffic. Traffic log shows further traffic denied from this user.

I suspect I am not supposed to use AD group in security policy for captive portal users since the ip-user-mapping for that should come from AD itself.

how can I configure security policy to match the users in this case instead of using subnets ?

Attached config and cli output

Re: Security policy not matching for CP authenticated LDAP users

P.Auguste — Wed, 03 Dec 2025 18:29:11 GMT

My users are windows users

Re: Security policy not matching for CP authenticated LDAP users

RomainSalmon — Tue, 09 Dec 2025 10:41:51 GMT

Hello, what is the exact config of your security policy which isn't matching? Can you check that if the AD group used is populated ?

show user group list

Regards

topic Re: Security policy not matching for CP authenticated LDAP users in Next-Generation Firewall Discussions

Security policy not matching for CP authenticated LDAP users

Re: Security policy not matching for CP authenticated LDAP users

Re: Security policy not matching for CP authenticated LDAP users