LDAP User based policy not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LDAP User based policy not working

L1 Bithead

Essentially, I aim to enable users to access the internet after being prompted with a captive portal and entering their LDAP username and password. Each user should have a separate policy. I have configured the LDAP server, portal, and other settings, but after entering credentials on the captive portal login page, the internet page does not load.

 

My policy is set to allow any to any with the source user as the AD username. However, if I set the source user as "Any," then I am able to access the internet. Why is the internet not working when the source is set as an LDAP user? Can anyone provide assistance with this issue?

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

what is the format you use in your security rule to identify the user (upn, san,...) and how are they actually mapped (show user ip-user-mapping all)

the captured username needs to match the username in the security rule

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

2 REPLIES 2

Cyber Elite
Cyber Elite

what is the format you use in your security rule to identify the user (upn, san,...) and how are they actually mapped (show user ip-user-mapping all)

the captured username needs to match the username in the security rule

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Yeah, fixed the issue.
Policy was not matching because of the username mismatch in the policy vs captive portal input username.

  • 1 accepted solution
  • 1308 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!