Can't Get AD groups to be used as user authentication

L0 Member


We are running 2 2050 firewalls running 4.16 software and 2 user agents running 4.1.0-43 code. When I try to limit a policy by an AD user name it works fine. However, if I want to use an AD group name, it won't hit the rule if I put in the user as a group. What am I doing wrong?

So

MYAD\mcarlton will work for a user on a policy but

MYAD\cooladmins will not work.

What am I doing wrong?

Thanks

Mike

L3 Networker

Hi

Just some ideas, as I'm currently also playing with this feature set:

  • Have you included the OU where the groups are in the group mappings? (Device --> User Identification --> Group Mappings)
  • Have you limited the LDAP server to a Base DN where the groups are not included?

Andre

L5 Sessionator

Mike,

The issue might be with the format that LDAP is pulling up the user as. The agent might be pulling up the user as xx/user1 whereas LDAP might pull it up as yy/user1. Can you verify if the user is mapped the same from both the agent and LDAP?

1. show user user-IDs match-user <user_name> : this is the one pulled by ldap

2. show user ip-user-mapping ip <ip_test_user> : this is per the agent

If the outputs of 1 and 2 are different, go to the LDAP server profile settings and change the domain to the one listed in 2.

Please let me know if this was helpful.

Thanks,

Sri
