AnsweredAssumed Answered

Activating Identity Awareness R80 gateway with Active Directory can obtain user list

Question asked by Antonio Rodriguez on Nov 23, 2018
Latest reply on Nov 24, 2018 by Dameon Welch-Abernathy

Hi, im trying to activate my identity Awareness blade on R80 gateway, in the wizard the connection with my AD result ok, but when Im trying to create a Access Role requesting a list of users of the domain controller, it doesn't  work.

 

When I use the test_ad_connectivity -x itsvsa.com.ve -o my_test2.txt -s -w command on expert mode, I can see these results:

[Expert@gwr801:0]# cat my_test2.txt
(
        :status (SUCCESS_WMI)
        :err_msg ("ADLOG_SUCCESS;LDAP_OPERATIONS_ERROR")
        :ldap_status (LDAP_OPERATIONS_ERROR)
        :wmi_status (ADLOG_SUCCESS)
        :timestamp ("Fri Nov 23 10:37:19 2018")

 

Using another diagnostic commands, the output shows connection with the active directory, in fact I can observe data for machines on =the domain an users of certainf OUs. but in the Securty Management I can not obtaing the user list, to create access roles based rules.

 

other ouptputs:

 

[Expert@gwr801:0]# adlog a dc
Domain controllers:
Domain Name               IP Address                Events (last hour)   Connection state
============================================================================================================
itsvsa.com.ve             10.16.13.50               167                  has connection
Ignored domain controllers on this gateway:
No ignored domain controllers found.
[Expert@gwr801:0]# adlog a q a
ip: 10.16.13.4 --> Users: Ernesto Cabello (ernesto.cabello@itsvsa.com.ve); fortilab (fortilab@itsvsa.com.ve);
ip: 10.16.13.50 --> Machines: amazonas@itsvsa.com.ve;
ip: 10.16.13.51 --> Machines: caroni@itsvsa.com.ve;
ip: 10.16.13.52 --> Machines: neveri@itsvsa.com.ve;
ip: 10.16.13.56 --> Machines: veeam@itsvsa.com.ve;
ip: 10.16.13.70 --> Users: Gabriel Salcedo (gabriel.salcedo@itsvsa.com.ve);  --> Machines: cesar-pc@itsvsa.com.ve;
ip: 10.16.13.73 --> Users: Angel Garcia (angel.garcia@itsvsa.com.ve);  --> Machines: desktop-3h34386@itsvsa.com.ve;
ip: 10.16.13.101 --> Users: Antonio Rodriguez (antonio.rodriguez@itsvsa.com.ve);  --> Machines: arodriguez@itsvsa.com.ve;
ip: 10.16.13.127 --> Users: Javier Orejarena (javier.orejarena@itsvsa.com.ve);  --> Machines: ccert@itsvsa.com.ve;
ip: 10.16.13.182 --> Users: Angelica Rangel (angelica.rangel@itsvsa.com.ve);  --> Machines: raranguren@itsvsa.com.ve;
ip: 10.16.13.185 --> Users: Arquimedes Gardie (arquimedes.gardie@itsvsa.com.ve);
ip: 10.16.13.201 --> Users: Ludexi Ortega (ludexi.ortega@itsvsa.com.ve);  --> Machines: ortegal@itsvsa.com.ve;
ip: 10.16.13.214 --> Users: Yeritson Pernia (yeritson.pernia@itsvsa.com.ve);  --> Machines: vmartinez@itsvsa.com.ve;
ip: 10.16.13.222 --> Users: Janeth Laguado (janeth.laguado@itsvsa.com.ve);  --> Machines: jlaguadorrhh@itsvsa.com.ve;
ip: 192.168.200.50 --> Machines: amazonas@itsvsa.com.ve;
ip: 192.168.200.51 --> Machines: caroni@itsvsa.com.ve;
I can see detailed information of the domain via shell, but not on the Security management, 
thanks for anyone help me. 

Outcomes