I'm trying to get LDAP authentication working using Active directory. I have created an LDAP server profile, an Authentication Profile and Group Mapping settings profile. When I'm setting up the Group mappings I can go in and see the entire directory tree and pick groups so I know that it is connecting the the AD server and pulling information. However, in the Authentication Profile, if I try to pick users for the allow list, it doesn't find anything from the AD only local users. I have tried creating a firewall Administrator using the LDAP profile, and cannot login. When I look at the system log, it says "authentication profile not found for user".
I'm obviously missing something somewhere, but can't figure it out.
Thank-you. Should this workaround work for device Administrators as well? Because it doesn't. I haven't tried it with the Portal and VPN because I don't want to break our currently working configuration. However, when I try to add an Administrator using the same LDAP profile it will not authenticate users in AD.
The bug is not allowing the AD groups to be displayed for you to select from. So leaving the Allow List='all' at default should work for admin authentication. I suggest that you delete the Authentication Profile that is not working and create a new Authentication Profile. Make sure to set the authentication=LDAP, select the LDAP server, and the login cn=sAMAccountName if this is an AD LDAP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!