We are running 2 2050 firewalls running 4.16 software and 2 user agents running 4.1.0-43 code. When I try to limit a policy by an AD user name it works fine. However, if I want to use an AD group name it won't hit the rule if I put in the user as a group. What am I doing wrong?
MYAD\mcarlton will work for a user on a policy but
MYAD\cooladmins will not work.
What am I doing wrong?
Just some ideas, as I'm currently also playing with this feature set:
The issue might be with the format that LDAP is pulling up the user as. The agent might be pulling up the user as xx/user1, whereas LDAP might pull it up as yy/user1. Can you verify if the user is mapped the same from both the agent and LDAP?
1. show user user-IDs match-user <user_name> : this is the one pulled by LDAP
2. show user ip-user-mapping ip <ip_test_user> : this is per the agent
If the output of 1 and 2 are different, go to the LDAP server profile settings and change the domain to the one listed in 2.
Please let me know if this was helpful.
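The check the reply describes (compare the identity the User-ID agent reports for the client IP with the identity LDAP group mapping returns, and if the user part matches but the domain part does not, point the LDAP server profile at the agent's domain) can be written down as a small normaliser. The code below is an added illustration and is not from the poster or from Palo Alto Networks; it takes the two identity strings as input rather than parsing the firewall's CLI output, and the three accepted spellings (DOMAIN\user, DOMAIN/user, user@domain) and the sample identities are assumptions constructed for the example.

```python
"""Compare the user identity seen by the User-ID agent with the one returned
by LDAP group mapping, and say which domain the LDAP server profile should use.

Assumption for illustration: identities arrive as DOMAIN\\user, DOMAIN/user or
user@domain. The firewall's own CLI output format is not reproduced here.
"""

from dataclasses import dataclass
import re

# DOMAIN\user or DOMAIN/user, then user@domain (UPN-style). Order matters only
# for readability; the patterns do not overlap.
_FORMS = (
    re.compile(r"^(?P<domain>[^\\/@]+)[\\/](?P<user>[^\\/@]+)$"),
    re.compile(r"^(?P<user>[^\\/@]+)@(?P<domain>[^\\/@]+)$"),
)


@dataclass(frozen=True)
class Identity:
    domain: str  # lower-cased NetBIOS name or DNS domain
    user: str    # lower-cased account name


def parse_identity(raw: str) -> Identity:
    """Normalise one identity string; AD names are case-insensitive, so lower-case both parts."""
    text = raw.strip()
    for form in _FORMS:
        match = form.match(text)
        if match:
            return Identity(match.group("domain").lower(), match.group("user").lower())
    raise ValueError(f"unrecognised identity format: {raw!r}")


def diagnose(agent_identity: str, ldap_identity: str) -> dict:
    """Return whether the two sources agree and, if only the domain differs,
    the domain the LDAP server profile should be changed to (the agent's)."""
    agent = parse_identity(agent_identity)
    ldap = parse_identity(ldap_identity)
    same_user = agent.user == ldap.user
    domain_mismatch = same_user and agent.domain != ldap.domain
    return {
        "same_user": same_user,
        "domain_mismatch": domain_mismatch,
        "suggested_ldap_domain": agent.domain if domain_mismatch else None,
    }


if __name__ == "__main__":
    # Constructed sample: agent reports xx\user1, LDAP returns yy\user1.
    print(diagnose("xx\\user1", "yy\\user1"))
    # Constructed sample: same domain, only case differs -> no change needed.
    print(diagnose("MYAD\\mcarlton", "myad\\mcarlton"))
```

A group-based rule can only match when the user string the agent learned for the IP and the user string LDAP group mapping produces for group members are the same identity, so a `domain_mismatch` of `True` with `same_user` `True` is exactly the situation the reply describes, and `suggested_ldap_domain` is the value to put in the LDAP server profile.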