topic Re: SMB Remote Access AD users in Spark Firewall (SMB)

SMB Remote Access AD users

G_W_Albrecht — Thu, 06 Dec 2018 10:59:29 GMT

A customer reported that after updating the firmware from R77.20.75 to R77.20.8x on locally managed 730, RA VPN clients could no longer authenticate with AD credentials as the SMB GW did not communicate with the AD anymore. It needed an adjustment for different parsing of OUs in AD - but i could find no documentation or remark about this. Did anyone experience the same issue ?

Re: SMB Remote Access AD users

Mike_A — Thu, 06 Dec 2018 12:20:45 GMT

Gunther,

We had this issue, it seemed to link with the firmware upgrade but in our instance it was related to the upgrade of the MDS from R77.30 to R80.10. LDAP (TCP389/636) was not sent across the tunnel but observed being sent out the WAN interface on the SMB device. After following sk92281 we were able to fix our issue.

Re: SMB Remote Access AD users

G_W_Albrecht — Thu, 06 Dec 2018 12:50:18 GMT

That is surely a different issue and not connected to implied rules.

Re: SMB Remote Access AD users

Mike_A — Thu, 06 Dec 2018 12:58:02 GMT

You are correct. I saw the "clients could no longer authentication with AD" and immediately thought of the issue we had. Sorry to muddy the water.

Re: SMB Remote Access AD users

Pedro_Espindola — Thu, 06 Dec 2018 13:08:00 GMT

Local or central management?

Re: SMB Remote Access AD users

G_W_Albrecht — Thu, 06 Dec 2018 13:39:46 GMT

Cought me red-handed - locally managed, i added that to the question...

Re: SMB Remote Access AD users

G_W_Albrecht — Thu, 06 Dec 2018 14:41:20 GMT

Customer explained that he originally had restricted the AD to a branch containing all windows user groups needing RA VPN access.

Now he had to use a OU branch containing also users from the AD VPN group.