I would like to match an AD group membership and map it to a Role on my appliance.
I have gone into Auth Servers and added my DC and tested connection which is ok.
I am now a bit stuck on how to get the IVE to query AD to check if a user is a member of a specific AD group, which I then want to map to a role.
Any examples on how to do this, or what you have done, would be welcome; I am sure I can adapt it to fit my environment.
Roger
Hi,
Add your AD server as an LDAP server, rather than AD, this is much more flexible.
Once done select the Server Catalogue at the bottom of the auth server page, and click search. You should see all the groups on your AD server. By selecting them you import the FQDNs into the SA, then you can use them for role mapping within a realm that uses the AD server for authentication.
Sam.
OK, I have added the server as an LDAP server.
Specified Authentication Required, which seems to be OK.
Finding User Entries:
Base DN: dc=red,dc=company,dc=local
Filter: cn=*
Not sure what to put in Determining Group Membership? I tried:
Base DN: dc=red,dc=company,dc=local
Filter: cn=VPN
When I go to Server Catalog and click Search I get nothing.
How do I run a debug on this to see where it is failing?
Thanks
Roger
Finding User Entries:
Base DN: dc=red,dc=company,dc=local
Filter: samaccountname=<USER>
Determining Group Membership:
Base DN: dc=red,dc=company,dc=local
Filter: cn=<GROUPNAME>
Member attribute: member
Make sure you tick "Authentication Required to search LDAP" and provide some working user credentials too.
You should then see your groups.
Sam.
Thanks for the tips - still getting empty searches!
I have a Juniper expert looking at it today, will post the working solution when I get it going.
It is a 2008 AD server and he said I need to tick the box that says this server is 2008.
I have not got that option, running 6.5R2, so I need to upgrade!
Got it working!
My USER search had to be changed to <USERNAME>.
I can now see all my AD!
Thanks for your help
Roger
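To make the two-step lookup in this thread concrete (Sam's user search with `samaccountname=<...>`, group search with `cn=<GROUPNAME>` and the `member` attribute, plus Roger's finding that the user placeholder had to be `<USERNAME>`), here is an added, stand-alone Python model of what an LDAP auth server does with those settings. It is not Juniper code and talks to no server: the directory entries, the `<USERNAME>`/`<GROUPNAME>` substitution rules, the role mapping rules and the behaviour of leaving an unknown placeholder as literal text are all constructed assumptions for this example. It also shows why the substituted login name has to be escaped before it goes into the filter.

```python
"""Added example: in-memory model of how an LDAP auth server resolves a user
entry and its AD group membership from "Finding User Entries" and
"Determining Group Membership" settings. Not Juniper code; all data is constructed."""
import re

BASE_DN = "dc=red,dc=company,dc=local"   # base DN from the thread

# Constructed stand-in for a handful of AD objects (attribute names as AD returns them).
DIRECTORY = [
    {"dn": "cn=Roger,cn=Users," + BASE_DN,
     "attrs": {"objectClass": ["user"], "cn": ["Roger"], "sAMAccountName": ["roger"]}},
    {"dn": "cn=Alice,cn=Users," + BASE_DN,
     "attrs": {"objectClass": ["user"], "cn": ["Alice"], "sAMAccountName": ["alice"]}},
    {"dn": "cn=VPN,cn=Users," + BASE_DN,
     "attrs": {"objectClass": ["group"], "cn": ["VPN"],
               "member": ["cn=Roger,cn=Users," + BASE_DN]}},
    {"dn": "cn=Admins,cn=Users," + BASE_DN,
     "attrs": {"objectClass": ["group"], "cn": ["Admins"],
               "member": ["cn=Alice,cn=Users," + BASE_DN]}},
]

# Constructed role-mapping rules: AD group name -> appliance role.
ROLE_RULES = {"VPN": "Remote Users", "Admins": "Administrators"}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping, so a login name typed by the user cannot change the
    structure of the search filter it is substituted into."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


def render_filter(template: str, **values: str) -> str:
    """Replace <NAME> placeholders with escaped values. An unknown placeholder is
    left as literal text (assumption of this model), which is why a template
    written as samaccountname=<USER> matches nothing if the server only
    substitutes <USERNAME>."""
    def repl(m):
        key = m.group(1)
        return escape_filter_value(values[key]) if key in values else m.group(0)
    return re.sub(r"<([A-Z]+)>", repl, template)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _attr(entry: dict, name: str) -> list:
    """Case-insensitive attribute lookup (LDAP attribute names are case-insensitive)."""
    return next((v for k, v in entry["attrs"].items() if k.lower() == name.lower()), [])


def search(directory: list, base_dn: str, ldap_filter: str) -> list:
    """Subtree search supporting the single equality filters used in the thread
    (attr=value, or attr=* meaning 'attribute present')."""
    attr, sep, raw = ldap_filter.strip("()").partition("=")
    if not sep or not attr:
        raise ValueError(f"unsupported filter: {ldap_filter!r}")
    hits = []
    for entry in directory:
        if not entry["dn"].lower().endswith(base_dn.lower()):
            continue                      # outside the search base
        values = _attr(entry, attr)
        if raw == "*":
            matched = bool(values)
        else:
            wanted = _unescape(raw).lower()
            matched = any(v.lower() == wanted for v in values)
        if matched:
            hits.append(entry)
    return hits


def find_user(directory: list, base_dn: str, user_filter_template: str, username: str):
    """'Finding User Entries': exactly one hit is required, otherwise the login fails."""
    hits = search(directory, base_dn, render_filter(user_filter_template, USERNAME=username))
    return hits[0] if len(hits) == 1 else None


def is_member(directory, base_dn, group_filter_template, member_attr, group_name, user_dn) -> bool:
    """'Determining Group Membership': find the group by cn and check whether the
    user's DN appears in its member attribute."""
    for group in search(directory, base_dn, render_filter(group_filter_template, GROUPNAME=group_name)):
        if user_dn.lower() in {m.lower() for m in _attr(group, member_attr)}:
            return True
    return False


def map_roles(directory: list, base_dn: str, username: str, rules: dict = ROLE_RULES) -> list:
    """Roles a realm would assign: one per rule whose group contains the user."""
    user = find_user(directory, base_dn, "samaccountname=<USERNAME>", username)
    if user is None:
        return []
    return [role for group, role in rules.items()
            if is_member(directory, base_dn, "cn=<GROUPNAME>", "member", group, user["dn"])]


if __name__ == "__main__":
    for name in ("roger", "alice", "nobody"):
        print(name, "->", map_roles(DIRECTORY, BASE_DN, name))
```

Running the module prints the roles each constructed account would receive; the `<USER>` versus `<USERNAME>` difference can be seen by calling `find_user` with either template, and passing a login name such as `*` shows that escaping keeps it from turning into a wildcard match.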