Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 2368 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User Group Object not Working for PF

Corey3443
Hey guys,

I rebuilt my ASG on the weekend due to a harddrive failure. 
Now i've patched it back up to 8.304 and reloaded my config.

Now my issue is all my rules that refer to user group network object isnt work.

If i use the user object on its own it works, if i use the group object it doesnt.
an example rule is

Adults (User Network Obj) -> Email Server -> Internetv4 (ALLOW,Log)

Now that use to work, but now doesnt. but if i exchange that with the user object instead.
 userTest (User Group Network) -> Email Server -> Internetv4 (ALLOW,Log)

it works.

Authentication is done by the AAA Agent, Users are sync via ldap. 
Now I know that AAA must be telling Astaro something because webproxy is using the correct profiles on each user.

ideas? if you need logs just tell me what i need to provide.


This thread was automatically locked due to age.
  • 0
    also i just ran a test from the "Authentication Servers -> Servers". I clicked the LDAP Backend Object i made, and on typed in a user/pass and it reported back 3 groups.
    LDAP Users (system generated)
    Adult PP
    VPN Users

    i should also mention that these groups that i made, are not backend reliant. These groups are created on the front end and use static members.
  • 0
    Corey, please [Go Advanced] below and attach a picture of the rule that isn't working.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Sorry for the delay, works edirectory went pear shaped so i've enjoying spending the last 24hrs fixing it.

    Pic attached. Also found this 
    2012:06:29-16:14:13 EdgeFirewall argos[8849]: [argos_listen]: New connection from X.X.X.X

    2012:06:29-16:14:13 EdgeFirewall argos[8849]: [auth_aua]: User test authenticated [REF_AaaGroAdults]

    Which would suggest the group should work, but it doesnt.

    also attached group pic from example.
  • 0 in reply to Corey3443
    Use a Network group, not a User group
  • 0 in reply to papa__01
    Use a Network group, not a User group


    completely irrelevant. if i was going to do that, there would be no need for authentication >.>
    and i dont plan on using static ip's either.
  • 0 in reply to Corey3443
    Not correct - you can shift the users into a network group
  • 0 in reply to papa__01
    Not correct - you can shift the users into a network group


    even so, I was having no issues using the group object before. why would i want to add each user to a network group, when there's a object already there which should do the job fine.
  • 0
    Corey, are you certain you were using a "(User Group Network)" object before?  I can't remember now for sure, but I think I tried something similar and was unsuccessful.  You might give it one more try and create a new User Group to see if that works in place of your current one.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hello,

    got the same problem.
    Using 9.00316, i cannot add a user object into a network group, because when i push the add-button, i just see network-objects.

    How can i handle this?

    Thx,

    Manuel
Cookie Information Banner