topic Re: ldap user authentication in security policy not working in General Topics

ldap user authentication in security policy not working

RasheedAhmedKhan — Sun, 09 Mar 2014 17:24:58 GMT

i have configured ldap server profile with "base=" and "basedn=ldap string " and domain= blank.

in group mapping under available groups only groups are there and no users can be viewed. i have included two groups here. which is added in security policy rule under user option.

In authentication profile i have added above included ldap groups in allow list with login attr sAMAccountName. i have tried without adding groups with allow "all" also.

i am using captive-portal setting in redirect mode with captive portal policy rule for user identification.

I have two problems 1) i cannot view users only groups are there.

2) after adding groups in security policy cannot web-browse ie very slow almost not working , but if groups removed from policy the web-browsing is ok.

i want the rules to be applied using ldap authentication.

Re: ldap user authentication in security policy not working

Retired Member — Mon, 10 Mar 2014 15:28:11 GMT

Hi,

You cannot see users from group mapping.That is for just group mapping filter.

Also in LDAP profile you should configure Domain and add Netbios name here.

if you want to see users try the command

show user ip-user mapping all

Re: ldap user authentication in security policy not working

Retired Member — Mon, 10 Mar 2014 15:45:39 GMT

Also check

How to Configure LDAP Authentication

Group Filters when Configuring LDAP

Re: ldap user authentication in security policy not working

RasheedAhmedKhan — Mon, 10 Mar 2014 16:45:20 GMT

thanks for reply. the users are not seen in security policy in user option. when select add only groups are there. the command shows all users to ip mapping..as per ldap documentation i tried except transparent mode. when try to browse same problem with added groups.

Re: ldap user authentication in security policy not working

Retired Member — Mon, 10 Mar 2014 16:59:32 GMT

in the policy users tab did you try to write a user name because if you just click add and look and not even write a letter, you'll not see the users.

Asking just to be sure what the problem is

Re: ldap user authentication in security policy not working

RasheedAhmedKhan — Mon, 10 Mar 2014 17:33:52 GMT

yes .you are right when try to write i can see all users.

my second problem when i am selecting users or groups to apply security policy like allowing app.web-browsing . it is not working.when i make any ie removing users or groups in users it working fine. i am using only one security policy for testing purpose.

Re: ldap user authentication in security policy not working

Retired Member — Mon, 10 Mar 2014 17:46:07 GMT

can you write 2 rules with any any allow check every tab

then for the top rule select a user

commit

then try to login with that user, make some traffic and see traffic logs for the rule name.Which rule is seen

at that time also use the command for the user's ip

show user ip-user mapping ip X.X.X.X

Re: ldap user authentication in security policy not working

RasheedAhmedKhan — Mon, 10 Mar 2014 18:27:42 GMT

i created two rules and top rule with selected user . in traffic log top rule is used ie with user. and follwoing is the result of command.

> show user ip-user-mapping ip

User:        darah\rasheed
From:        CP
Idle Timeout: 107s
Max. TTL:    107s
Groups that the user belongs to (used in policy)

so that means one genaral rule with any and other rules with user or groups to be created for user authentication to work?.

Re: ldap user authentication in security policy not working

pwoll — Sat, 28 Jun 2014 18:34:22 GMT

Wow, panos. You just saved me. I have spent hours trying to figure out why nothing shows up in the dropdown list in the Users tab in a policy rule. From your post, I learn that if I enter any text, then they show up! Thank you!