AnsweredAssumed Answered

Not able to access native applications for AD users

Question asked by nagaraja cs on Jun 10, 2018
Latest reply on Jun 11, 2018 by Dameon Welch Abernathy

Setup:Distributed

Version:R80.10 with TAKE_56

AD authentication for SSL VPN users stopped working after AD password expiry of non-admin user.

We were not able to see complete AD tree,we have manually added subdomain with parent domain,after that user is able to authenticate,but not able to access native applications. 

It is working for local users,it will also work AD users if I add 'All uers" in source column of Mobile access policy.

But if I am adding specific AD users or LDAP groups,traffic is dropping with MAB policy with non-existant rule which is showing in logs.

When I am checking for drops with #fw ctl zdebug + drop | grep <ip>,can see drops as per MAB policy rule number which doesn't exist in MAB policy.

The rule number will be changing randomly,but the drop rule number in logs and zdebug output shows same rule number.

Any suggestions on this ?

Outcomes