This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD und Untergruppen

Hallo,
ich habe nun erfolgreich meine ASG320 (V7.510) an unsere Active Directory angebunden.
Ist es ein Feature oder ein Bug, dass Mitglieder von Subgruppen nicht mit erfasst werden?
Ein AD-Gruppe Admins (S_Admins) sollen auf das WebAdmin zugreifen dürfen.
Die AD-Gruppe hat eine Untergruppe S_Super_Admins.
Im User_Prefetch Log sehe ich, dass der Zugriff klappt und Benutzer updated werden.
User in CN=S_Admins werden geladen sowie die CN=S_Super_Admins gefunden. Hier werden allerdinge keine Benutzer geladen.
Was kann man da tun?
Vielen Dank
Nathan

This thread was automatically locked due to age.

Parents

0 BAlfson over 14 years ago

Nathan, was sieht man in Prefetch Live Log - Warum werden die Benutzer nicht geladen?

MfG - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

0 NvA over 14 years ago in reply to BAlfson

Nathan, was sieht man in Prefetch Live Log - Warum werden die Benutzer nicht geladen?


2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: >=========================================================================
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ARGV: $VAR1 = [
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: '--server-ref',
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: 'REF_abcdefg'
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ];
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]:  using internal configuration from Confd
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Using contexts from confd object
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ldap server:
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: server: 192.168.1.100
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: port: 389
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ssl: 0
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: bind_dn: CN=Admin,CN=Users,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: update: 1
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: contexts:
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: CN=S_Admins,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Starting synchronization for adirectory
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Searching for users
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Connecting to ldap server
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ldap server: ldap://192.168.1.100:389
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Context 'CN=S_Admins,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local' is a group. Adding group members:
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: CN=S_Super_Admins,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: CN=S_Admins_Azubis,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: CN=Peter Petersen,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Performing ldap search:
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: searching 'CN=S_Super_Admins,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local'
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: searching 'CN=S_Admins_Azubis,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local'
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: searching 'CN=Peter Petersen,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local'
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Ldap search returned 1 users
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Search time: 0m 0s
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: Adding/updating users
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: # 1 Updating user Peter.Petersen2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: 1 user objects were found:
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: 0 users were created
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: 1 user was updated
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: 0 users are authenticated locally.
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: Overall time: 0m 1s

Peter Petersen ist Mitglied der Gruppe S_Admins.
Sigfried Siegreich ist MItglied der Gruppe S_Super_Admins.
Dennis Depp ist Mitglied der Gruppe S_Admins_Azubis.

Peter wird geladen, aber Siegfried und Dennis nicht. Warum steht da leider nicht. Der Prefetch scheint nicht rekursiv in die Untergruppen zu schauen.

Gruß Nathan

PS: kann die V8 das vielleicht? - das wäre mal ein weiterer guter Grund umzusteigen.

Reply

0 NvA over 14 years ago in reply to BAlfson

Nathan, was sieht man in Prefetch Live Log - Warum werden die Benutzer nicht geladen?


2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: >=========================================================================
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ARGV: $VAR1 = [
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: '--server-ref',
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: 'REF_abcdefg'
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ];
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]:  using internal configuration from Confd
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Using contexts from confd object
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ldap server:
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: server: 192.168.1.100
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: port: 389
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ssl: 0
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: bind_dn: CN=Admin,CN=Users,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: update: 1
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: contexts:
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: CN=S_Admins,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Starting synchronization for adirectory
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Searching for users
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Connecting to ldap server
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ldap server: ldap://192.168.1.100:389
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Context 'CN=S_Admins,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local' is a group. Adding group members:
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: CN=S_Super_Admins,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: CN=S_Admins_Azubis,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: CN=Peter Petersen,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Performing ldap search:
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: searching 'CN=S_Super_Admins,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local'
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: searching 'CN=S_Admins_Azubis,OU=Security Groups,OU=MyBusiness,DC=Firma,DC=local'
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: searching 'CN=Peter Petersen,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local'
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Ldap search returned 1 users
2011:05:23-08:36:00 astaro-2 user_prefetch[27674]: Search time: 0m 0s
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: Adding/updating users
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: ------------------------------------------------------------
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: # 1 Updating user Peter.Petersen2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: 1 user objects were found:
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: 0 users were created
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: 1 user was updated
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: 0 users are authenticated locally.
2011:05:23-08:36:01 astaro-2 user_prefetch[27674]: Overall time: 0m 1s

Children

No Data