Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 29 subscribers
  • Views 14920 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

users group automatically changes from one to another

Director KUCC

Users are fetched from the RADIUS(Authentication Server),all the users are under  in Staffs(Group Name).After creation of a new group Sales(Group Name)

and add members to that group from the Staffs(Group Name) group,after login and logout using captive portal.the user's group automatically changed to Staffs(Group Name).How to Solve this issue please help me out.

Appliance Version

CR500iNG-XP (SFOS 15.01.0 MR-3)



This thread was automatically locked due to age.
Parents
  • 0

    HI Director , 

    Seems you are using a Cyberoam appliance and migrated to SFOS ver 15. In Cyberoam , when you add an AD server connection there would be 2 options which are "Tight" and "Loose integration" . 

    In Tight integration , the Username is fetched from the AD along  with its Group association, So if you have imported the Group from AD then it would be assigned to that Group only but Group association must be set primarily on AD server.  Unless the Group is not imported then it would set to Open Group by default .  Also if you create a Group on Cyberoam itself and manage to assign a user to be a member of the Group then also it would revert back after an authentication attempt. 

    In Loose Integration, The Username is Fetched from AD but the Group association is not bound and can be managed locally on  Cyberoam . Even if you change the group association on AD for that user it would not change on Cyberoam . 

    When you Migrate to SFOS there is no such option to change the integration of the Server and is set by default as Tight Integration. SO the membership of the user would try to match with the existing group on the appliance so make sure that the same Group name and the membership of the username is primary and also imported on SFOS. 

    Kindly Verify the Steps Via the Kb article Provided https://community.sophos.com/kb/en-us/123164 . Also To import the Groups from AD follow this link https://community.sophos.com/kb/en-us/123158 .

    Thanks and Regards 

    Aditya Patel | Network and security engineer.

  • 0 in reply to Aditya Patel

    I migrated from Cyberoam, i have created similar groups as i have on my active directory i think it seems to be working, also where can i get the client for Andoid devices.

Reply Children
No Data