This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with User-Portal & SSL software download

Hi, i configure my Astaro 7.1 to authenticate users from Active Directory.
I create in AD a group VPN with the users able to connect from remote with SSL; then i create in Astaro a new Group VPN of type Backend Membership with Limit to backend group(s) membership VPN. I add this group on Remote_access SSL to the User/Group Area.

When i logged on User-Portal with an user of VPN Group i logged in successful but if i go on Remote-Access SSL-VPN tab i didn't found the link to download the software. If add the user autogenerate on User/Group area of Remote Access SSL i found the links.

Why this ? Are not supported the Active Directory Groups on SSL remote access?

Regards,

Matteo Lobbiani

This thread was automatically locked due to age.

Parents

0 anonymous_02 over 17 years ago

Backend User Groups are currently not supported in that context.
The good news: This will change in one of the next up2dates (maybe in 7.102).

Sorry.

Kind Regards,
Daniel
Cancel
Vote Up 0 Vote Down

Cancel
0 jkmichael over 17 years ago in reply to anonymous_02

Well, we're at 7.103 and the functionality is still not there. I don't understand the point of backend groups at all, if you can't USE them to grant access to services such as SSLVPN! Wow, you can log into the portal... neato.
Cancel
Vote Up 0 Vote Down

Cancel
0 frozen over 17 years ago in reply to jkmichael

Am I wrong or is this still so?

Another question, can you auth against Radius or AD over SSL VPN?

It neither working here.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 frozen over 17 years ago in reply to jkmichael

Am I wrong or is this still so?

Another question, can you auth against Radius or AD over SSL VPN?

It neither working here.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 jkmichael over 17 years ago in reply to frozen

Yes, it is still the case... the problem has not been fixed by Astaro.

I'm not sure what you're asking about authenticating over SSLVPN, but we're authenticating *to* the SSLVPN with AD credentials just fine (via back-end *users*) That has always worked.

What does *not* work is using back-end AD *groups* to grant the *right* to use the SSLVPN in the first place. Instead, you must create an internal ASG group that is allowed to use the SSLVPN and manually add your back-end AD users to it. :-(
Cancel
Vote Up 0 Vote Down

Cancel
0 frozen over 17 years ago in reply to jkmichael

You have a local user for every AD User then.. Ok for SSL VPN is this quite obvious [:)]
This would be exactly what I wish. So I have to look for another option then. As the permitted VPN users change very often.

What seems to work partially is:
- Create Backend Group and Backend-Sync to RADIUS Server
- Add the Backend Group to the allowed VPN Users
- Then if anyone logs in, the request to the RADIUS Server will be sent
- Other than mentioned in the Documentation its asking for openvpn (if I'm right)
- I got a Radius Success Message, but the VPN Client still says that he couldn't log in.
Cancel
Vote Up 0 Vote Down

Cancel
0 phpp over 17 years ago in reply to frozen

using Static User group of ASG and move all vpn user to this group is the best solution in this moment.

I think we need more feature for SSL VPN:

- Using backend Group
- Auto distribute the SSL Config Packet to each user by email.
Cancel
Vote Up 0 Vote Down

Cancel