i have configured ldap server profile with "base=" and "basedn=ldap string " and domain= blank.
in group mapping under available groups only groups are there and no users can be viewed. i have included two groups here. which is added in security policy rule under user option.
In authentication profile i have added above included ldap groups in allow list with login attr sAMAccountName. i have tried without adding groups with allow "all" also.
i am using captive-portal setting in redirect mode with captive portal policy rule for user identification.
I have two problems 1) i cannot view users only groups are there.
2) after adding groups in security policy cannot web-browse ie very slow almost not working , but if groups removed from policy the web-browsing is ok.
i want the rules to be applied using ldap authentication.
yes .you are right when try to write i can see all users.
my second problem when i am selecting users or groups to apply security policy like allowing app.web-browsing . it is not working.when i make any ie removing users or groups in users it working fine. i am using only one security policy for testing purpose.
can you write 2 rules with any any allow check every tab
then for the top rule select a user
then try to login with that user, make some traffic and see traffic logs for the rule name.Which rule is seen
at that time also use the command for the user's ip
show user ip-user mapping ip X.X.X.X
i created two rules and top rule with selected user . in traffic log top rule is used ie with user. and follwoing is the result of command.
> show user ip-user-mapping ip
Idle Timeout: 107s
Max. TTL: 107s
Groups that the user belongs to (used in policy)
so that means one genaral rule with any and other rules with user or groups to be created for user authentication to work?.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!