MAG2600 ssl vpn - cannot use role mapping based on domain users group
I want to create default role for all domain users to be able to login the ssl-vpn website, when I use role mapping based on domain users membership it doesn't work, when I try to do it on Domain Admins group for testing it works fine. I also tried to create new group and added domain users to this group still doesn't work. I added my username to the new group for testing and it works fine.
the only problem is with domain users group, the LDAP work fine.
Re: MAG2600 ssl vpn - cannot use role mapping based on domain users group
Yes, the domain users group cannot be used for group membership lookup with LDAP. In order to do that, you need to attribute-based mapping rules and add the attribute of principalGroupID to the LDAP catalog. Once you have that in place, the rule is (historically) principalGroupID = 513
Please see https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB2527 [url]https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB2527[/url] for more information on when this needs to be used