User-ID / group mapped incorrectly

Not applicable

Hi all,

I've wanted to block some sites for specific users and created an AD group on my W2K8 R2 DC. Unfortunately I have some problems that I haven't encountered before.

When checking the user I see the user is a member of my test group, so far so good.

> show user user-IDs match-user somedomain.local\test

User Name                       Vsys    Groups
somedomain.local\test          vsys1   cn=test-block,ou=groups,ou=ou,dc=somedomain,dc=local

When checking the user/IP mapping on the firewall it lists the user:

> show user ip-user-mapping | match test

x.y.z.224   AD        somedomain.local\test                 3475             3475

Still all well. But when I browse to the blocked content, it isn't blocked. When adding the user somedomain\test to the security rule the user gets blocked!

But the username in this format is not mapped to the group, nor can I find the user in this short format.

Can I configure somewhere that the full domain name should be used and not the abbreviated one?

L6 Presenter

The group mapping has an update interval to check for new groups/members. Maybe the new AD group is not learnt yet and you need to wait for the update.

Not applicable

The problem was caused by wrong LDAP server properties. The FQDN of the domain was specified instead of the last portion.
