This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

V7.2 Backend Sync Features / Limitations

Hi all

I am currently evaluating User GROUP AD Backend Authentication and found out the following:

- "Limit to backend group Membership" only works, if the AD Group is not a GROUP but an OU. So I have to create a special OU for my Users to be member of. Very bad limitation as using global security groups would be much more flexible to handle. Is there any way to use Sec. Groups instead of OUs?

At least, using OU Membership allows me to create HTTP Profiles for backend Groups (ie OUs) without having the user created on the ASG. ("Create Users automatically" disabled)

- I can not use those users (OU Members) to authenticate in User Portal. This only works with "Create Users automatically" enabled. At least, it is sufficient to allow portal access to the group.

- Even with "Create Users automatically" enabled, those group members won't be allowed to access SSL-VPN, even though the group is allowed to. The (auto created) users need to be added to SSL-allowed users manually.

Are these impressions correct or did I misconfigure something?
Are there any other things i can use backend auth for?

Thanks in advance!

This thread was automatically locked due to age.

Parents

0 mhock over 17 years ago

Update:
In AD, I created a new Security Group and added a new User.
In ASG, I limited backend membership to the name af this group only (deleted others)... and it works.

Now... does ASG use OUs (LDAP attributes...) or Security group membership?
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 17 years ago in reply to mhock

We have deployed it at several sites using Security Groups. Never tried using an OU, don't think that's supported.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 17 years ago in reply to mhock

We have deployed it at several sites using Security Groups. Never tried using an OU, don't think that's supported.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 mhock over 17 years ago in reply to BrucekConvergent

Ok, this confirms my second impression, thank you (dont know what i have misconfigured during my 1st try).

How about my further questions:
- Users need to be auto-created to access user portal?
- Auto-created users must be added manually (as single users) to SSL-VPN Group?
Thank you!
Cancel
Vote Up 0 Vote Down

Cancel
0 James Bourne over 17 years ago in reply to mhock

Can someone post me specific configuration examples (screenshots)? I've been messing with this for a few days (SSL VPN AD Auth) and just can't get it to work. Or at the very least advise me how I can turn on some detailed debugging?
Cancel
Vote Up 0 Vote Down

Cancel
0 mhock over 17 years ago in reply to James Bourne

Have you made sure your Backend Auth is working (i.e. using Proxy Groups)?
If so, select user auto creation and put each autocreated user into the sslvpn Group manually - which means that a user must have logged in into User Portal at least once so he is being created).
Or am I wrong and there is an easier way?

Btw. I found that Backend domian memberships sometimes tells you that joining domain failed, and when you click some other menu and then return to domain membership it tells something like "Joined Domain...." though it actually hasn't.
I ran into some Problems too, but most of them were because of DNS issues: The DC should be one of your dns forwarders as ASL uses only DNS (no NetBIOS) since 7.xyz (cant remember).
Cancel
Vote Up 0 Vote Down

Cancel
0 anonymous_02 over 17 years ago in reply to mhock

Hi all,

at the moment you have to add the created users to the allowed users manually. That will be corrected in the upcomming 7.300.

Sorry.

Kind regards,
Daniel
Cancel
Vote Up 0 Vote Down

Cancel