Wolfgang
Authority

rule with access role does not match

Centrally managed SMB gateway (1570, Smart-1 Cloud), LDAP Account Unit with the AD-proxy feature enabled.

We can browse the local Active Directory and create access roles with AD groups. For remote access we create a rule with the access role as source. Users can authenticate successfully with their AD accounts, but connections to internal resources are dropped. After changing the source to "any", everything works fine.

In the gateway's Identity Awareness settings, only remote access is enabled. I think this should be enough, as we need access roles only for remote access. But it looks like the users are not identified.

Any ideas?

PhoneBoy
Admin

Remember that "groups" come from LDAP and the gateway itself needs to be able to talk to the relevant LDAP server to retrieve them.
Have you checked this?

Wolfgang
Authority

Yes, this works. We are using the same gateway as AD-proxy and we have no problem discovering the AD via this AD-proxy and adding users from AD to the access role.

PhoneBoy
Admin

I suspect AD Proxy and pdp are occurring through different code paths.
Did you actually check on the SMB gateway itself that it can reach LDAP and is making the appropriate LDAP queries? 
