Ivory

Identity Awareness (AD Query) not applying Identities in Rulebase

Hello,

I'm looking at an issue with Identity Awareness AD Query. From looking at the CPView, pdpd & pepd debug files I can see that identities are being gathered and stored on the gateway; PDP monitor has confirmed this. On the central management server, I am able to create access roles with the correct AD account set within & add them to the rulebase. However, when testing the rule, my traffic hits the cleanup rule and is skipping the AD rule I have set.

I am struggling to understand why this is happening, as the gateway has knowledge of each AD user and associated IP address; as far as I can see, all the required services are up. The gateway is also actively receiving events from multiple domain controllers.

Gateway is R80.20 Take 19, IaaS Azure

Management is R80.30 

Is anybody able to point me in the right direction?

3 Replies

Admin

Have you verified the LDAP portion of the config is correct and working?
This is needed to correctly associate users with their groups, and thus their access roles.

Ivory

Thanks for your response @PhoneBoy, yes I believe it is all correct and working. The account used is a domain administrator & I can see the AD user information, such as group membership, is being pulled through, both when adding users to access roles on the management server & when running PDP monitor on the gateway.

It looks like all the required information is present on the gateway but just not being used.

Have you verified the pepd daemon is running?

Here are a couple of useful commands to test whether pepd is doing its job:

#pep show stat – shows basic status of PEP

#pep show pdp all – shows status of PDPs

#pep show user query usr <username> – shows identity status of single user. Useful to confirm that the PEP has received identity data from PDP.

#pep show user query cid <IP address> – shows identity status of single IP address

Dave