
Client Authentication Agent causes user's group to reset to "Open Group" on login.

I have a number of users divided into different groups with different access and time limitations.  I've found that whenever a user logs in using CAA on Windows, their group changes back to the "Open Group".

All the users in question are authenticated via LDAP and the Open group is the default group.  However, that seems like it should only apply to their first login.  After their account is created in XG, the assigned group should stay and not be reset during an authentication action.



  • Hi Troy,

    When you configure the LDAP server on XG with a successful test connection, you would need to import the Groups first, as indicated on the left of your LDAP server list. Refer to article https://community.sophos.com/kb/en-us/123158 for your reference.

    After the Groups are imported, the Open Group would be at the topmost position. We would need you to reorder the Groups and assign the Open Group at the bottom of the imported Groups.

    This should resolve your issue.

    Thanks and Regards

    Aditya Patel | Network and Security Engineer.

  • Thanks.  Following the KB article, I didn't get the import option with my LDAP server.   However, after doing some thinking of what the KB article was talking about, I did come across the answer.

    It turns out the default lookup field for the group is "gid", but my user records on the server didn't have that attribute (nor did the schema for my users include it).  Instead I re-purposed another field that wasn't being used (employeeType).  Once I changed the LDAP entry in XG to use that for the group, and put the name of the group I wanted into that attribute in the user record, the next time the user authenticated by any method, their group changed as expected.
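
An added example (not part of the original posts and not Sophos code): a short Python check over an LDIF export that shows which users would land in the default group for a given group-lookup attribute. The sample entries, the group names and the fallback model (missing or unrecognised value means default group) are assumptions constructed for illustration.

```python
import base64

# Constructed sample LDIF export (not taken from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
employeeType: Staff

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
employeeType:: U3R1ZGVudHM=

dn: uid=dave,ou=people,dc=example,dc=org
uid: dave
employeeType: Contrac
 tors
"""
KNOWN_GROUPS = {"Staff", "Students", "Contractors"}  # constructed group names

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # skip LDIF comments
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, rest = line.partition(":")
        # "attr:: value" marks a base64-encoded value
        value = base64.b64decode(rest[1:].strip()).decode() if rest.startswith(":") else rest.strip()
        current.setdefault(name.lower(), []).append(value)
    return entries

def effective_groups(entries, group_attr, default_group="Open Group"):
    """Assumed model: a missing or unrecognised value falls back to default_group."""
    out = {}
    for e in entries:
        hit = [v for v in e.get(group_attr.lower(), []) if v in KNOWN_GROUPS]
        out[e["uid"][0]] = hit[0] if hit else default_group
    return out

if __name__ == "__main__":
    for attr in ("gid", "employeeType"):
        print(attr, effective_groups(parse_ldif(SAMPLE_LDIF), attr))
```

Running it against an export of the real directory before changing the lookup attribute shows which accounts would still fall through to the least restrictive group.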
