Showing results for 
Search instead for 
Did you mean: 

AAA - No Roles for Group Users

Super Contributor

AAA - No Roles for Group Users

It seems that every time anything happens with any of our domain controllers, our Active Directory / Windows NT AAA Server defined in the SA stops authenticating people by their Groups. The logs say " No Roles " even though the users are in a group that is specified in the realm. It seems that the SA can still map people granted access by specific username but just not by group.


If we toggle the AAA Server to a different domain controller the issue goes away.


Now, I would change the Auth Server type to LDAP but Im afraid all the users will lose their bookmarks and settings. Please help.




Valued Contributor

Re: AAA - No Roles for Group Users

Are we looking for a solution why "No Roles" appear or how to migrate user records from one auth server to another?


For the "No Roles" scenario, most likely this is due to an issue with the computer account the IVE adds to the domain controller.  When you say "anything happens with any of our domain controllers", what type of scenarios are we talking about?


For the migration of user records, there is no easy way to move these within the SA device as they are tied to the specific authentication server.  If the bookmarks are defined via a role or policy, these are not saved within the user record.  This should only be a concern if end users are allowed to create their own bookmarks.

Regular Contributor

Re: AAA - No Roles for Group Users

Hi Justin,


What is the SA Build currently deployed?

what is the backend Authentication server  os with service pack if any?