- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-01-2012 06:55 AM
Hi all,
I've wanted to block some sites for specific users and created an AD group on my W2K8 R2 DC. Unfortunatly I have some problems that I haven't encountered before.
When checking the user I see the user is a member of my test group, so far so good.
> show user user-IDs match-user somedomain.local\test
User Name Vsys Groups
------------------------------------------------------------------
somedomain.local\test vsys1 cn=test-block,ou=groups,ou=ou,dc=somedomain,dc=local
When checking the user/IP mapping on the firewall it lists the user:
> show user ip-user-mapping | match test
x.y.z.224 AD somedomain.local\test 3475 3475
Still all well. But when I browse to the blocked content, it isn't blocked. When adding the user somedomain\test to the security rule the user gets blocked!
But the username in this format is not mapped to the group, nor can I find the user in this short format.
Can I configure somewhere the full domain name should be used and not the abbreviated one?
03-01-2012 09:31 AM
The problem was caused by wrong LDAP server properties. The FQDN of the domain was specified instead of the last portion.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!