08-07-2014 05:51 PM
I started running into this group mapping issue after updating a client to 6.0.4.
We have a policy which matches on an Active Directory group for SSLVPN and what they can access. The same A.D. group is used in the Kerberos authentication profile to auth to VPN.
After the update, these users are no longer matching on this policy. There is a policy just above it utilizing a different A.D. group and users from that group match just fine.
I did notice in the CLI that if I do a show user group mapping ?, it lists the LDAP format of the group name as opposed to domain/group... whereas for the group which is working, it shows domain/group.
If I go to the policy and delete the group, then add the group name back in via the LDAP format, it auto-resolves it to the group\domain format as soon as I hit enter.
08-07-2014 06:11 PM
Eureka. Apparently 6.0.4 may have a problem processing group names which have a hyphen. I created a new group with the same users which lacked a hyphen and it matched as expected. Added a hyphen to the new group and it stopped.