mlinzer
Explorer

AD Computer not recognized in Access Roles with Machine Authentication

We have implemented machine authentication successfully on R80.40. I see the machine authenticating and the value of the Subject field in the certificate appears in the log. However, I am unable to use Access Roles that test for specific machines/groups from the Active Directory. Even though the machine is recognized, the Access Role is not matched. I have tried populating the certificate with the plain CN as well as the full DN. Nothing seems to work. I can create an access role with "All identified machines", but not with specific machines or groups. Has anyone implemented this successfully?

Thanks,

Moshe

0 Kudos
2 Replies
PhoneBoy
Admin

Is Remote Access configured as an identity source in your gateway object?
Also, it's possible the machine identity would need to come from your AD server in this case...I presume your client can reach the AD server(s) when connected via VPN?

0 Kudos
mlinzer
Explorer

Yes, remote access is configured under Identity Sources. The clients can access the AD server. 

Users and user groups are identified fine. The problem is with machine identity.

What is the recommended value for the Subject field in the Machine Certificate?

0 Kudos
