User-ID / group mapped incorrectly

ebo — Thu, 01 Mar 2012 14:55:33 GMT

Hi all,

I've wanted to block some sites for specific users and created an AD group on my W2K8 R2 DC. Unfortunatly I have some problems that I haven't encountered before.

When checking the user I see the user is a member of my test group, so far so good.

> show user user-IDs match-user somedomain.local\test

User Name Vsys Groups
------------------------------------------------------------------
somedomain.local\test vsys1 cn=test-block,ou=groups,ou=ou,dc=somedomain,dc=local

When checking the user/IP mapping on the firewall it lists the user:

> show user ip-user-mapping | match test

x.y.z.224 AD somedomain.local\test 3475 3475

Still all well. But when I browse to the blocked content, it isn't blocked. When adding the user somedomain\test to the security rule the user gets blocked!

But the username in this format is not mapped to the group, nor can I find the user in this short format.

Can I configure somewhere the full domain name should be used and not the abbreviated one?

Re: User-ID / group mapped incorrectly

rmonvon — Thu, 01 Mar 2012 16:00:08 GMT

The group mapping has an update interval to check for new group/member. Maybe the new AD group is not learnt yet and need to wait for the update.

Re: User-ID / group mapped incorrectly

ebo — Thu, 01 Mar 2012 17:31:14 GMT

The problem was caused by wrong LDAP server properties. The FQDN of the domain was specified instead of the last portion.

topic Re: User-ID / group mapped incorrectly in General Topics

User-ID / group mapped incorrectly

Re: User-ID / group mapped incorrectly

Re: User-ID / group mapped incorrectly