I have configured the LDAP server profile with "base=" and "basedn=ldap string " and domain= blank.
In group mapping, under available groups, only groups are there and no users can be viewed. I have included two groups here, which are added in the security policy rule under the user option.
In the authentication profile I have added the above included LDAP groups in the allow list with login attr sAMAccountName. I have also tried without adding groups, with allow "all".
I am using the captive-portal setting in redirect mode with a captive portal policy rule for user identification.
I have two problems: 1) I cannot view users; only groups are there.
2) After adding groups in the security policy I cannot web-browse, i.e. it is very slow, almost not working, but if the groups are removed from the policy the web-browsing is OK.
I want the rules to be applied using LDAP authentication.
You cannot see users from group mapping. That is just for the group mapping filter.
Also, in the LDAP profile you should configure Domain and add the NetBIOS name here.
If you want to see users, try the command
show user ip-user-mapping all
Thanks for the reply. The users are not seen in the security policy in the user option. When I select add, only groups are there. The command shows all user-to-IP mappings. As per the LDAP documentation I tried, except transparent mode. When I try to browse, same problem with added groups.
In the policy users tab, did you try to write a user name? Because if you just click add and look, and do not even write a letter, you'll not see the users.
Asking just to be sure what the problem is.
Yes, you are right. When I try to write I can see all users.
My second problem: when I am selecting users or groups to apply a security policy, like allowing app web-browsing, it is not working. When I make it any, i.e. removing users or groups in users, it is working fine. I am using only one security policy for testing purposes.
Can you write 2 rules with any any allow, check every tab,
then for the top rule select a user,
then try to log in with that user, make some traffic and see the traffic logs for the rule name. Which rule is seen?
At that time also use the command for the user's IP:
show user ip-user-mapping ip X.X.X.X
I created two rules, the top rule with the selected user. In the traffic log the top rule is used, i.e. with the user, and the following is the result of the command.
> show user ip-user-mapping ip
Idle Timeout: 107s
Max. TTL: 107s
Groups that the user belongs to (used in policy)
So that means one general rule with any and other rules with users or groups are to be created for user authentication to work?
Wow, panos. You just saved me. I have spent hours trying to figure out why nothing shows up in the dropdown list in the Users tab in a policy rule. From your post, I learn that if I enter any text, then they show up! Thank you!