I have configured SA with AD and defined role mapping with group membership.
Details in attached file.
The user group can be imported to role mapping, but when I try to log in with a user in that group, a message like this appears: "You are not allowed to login. please contact your administrator."
I don't understand what that means.
Can anyone explain to me how to solve this?
Yes, I use AD/Windows NT for the auth server.
Attached is an example of LDAP that I created.
I have a question: in the LDAP settings, for Admin DN, does it have to be configured completely, including DN, CN, OU? Or do I just put administrator or the username in the field?
You have to use the distinguishedName.
What does the user log say? Have you enabled a policy trace? That will show you what is happening under the covers with the communications between the SA box and the AD server.
Attached is the log:
What does that mean?
Start a policy trace (Troubleshooting -> User Sessions -> Policy Tracing) and post the output. Use at least the following options:
- Role Mapping
Attached is the log from policy tracing.
Could you explain what the cause is?
Well what the log and policy trace are both showing is that you do not have a match between the group that you have defined (SecureAccess1) and the AD settings for the user. The message you are seeing in the trace "no match on rule" reflects that fact.
If I'm using role mapping by username (auth server with AD), it succeeds: the user can log in to SA.
But when using role mapping by group, that's the problem: the user cannot log in to SA.
You said that there's a mismatch between the group and the AD settings for the user. I know there's a mismatch, but I still don't understand how to solve this.
Is it a misconfiguration in AD or in SA? Where should I start to check this, in SA or AD?
I hope you can give me a way to solve this.
I am also facing the same issue. Please try to recreate the AD authentication server.