We are trying to configure static IP assignment in globalprotect and have selected the "Retrieve framed ip address" option on the client gateway. I've also selected "Static IP Assignment" under the Dial-In tab in AD for the users and given them IPs that fall in the pool for static assignment, however my clients are not receiving their static IPs that are set in AD. It appears that LDAP may not be sending the framedIPAddress and I was wondering, has anyone else has run into this? What would prevent LDAP from sending this attribute to our GP clients?
im having the same issue. We see that client is requering framed ip but its not working. Did you solve it?
SRCH attr=framedIPAddress msRADIUSFRAMEDIPAddress framedIpv6Address msRADIUS-FramedIpv6Prefix cn pwdLastSet userAccountControl msDS-MaximumPasswordAge passwordAllowChange passwordExpirationTime passwordExpirationInterval
We did manage to resolve this, the LDAP service account ended up needing more permissions. I ended up resolving the issue by giving the LDAP service account read access to the OU following these steps: https://serverfault.com/questions/167371/what-permissions-are-required-for-enumerating-users-groups-...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!