
Role Mapping

SOLVED
csmith1329_
Occasional Contributor

Role Mapping

I'm trying to set up RSA Tokens. I'm going to use RADIUS for authentication, but then I want role mapping to be done by Active Directory. I have heard this is possible, but I'm not quite sure how to set it up. I'm running an SA 2000 on version 6.0R3.1 (build 12507). I'm currently set up for Active Directory authentication, and Active Directory is doing the role mapping as well.

Any help would be nice.

Thanks,

Corey


10 REPLIES 10
firewall72_
Frequent Contributor

Re: Role Mapping

Hi Corey,

We currently have this configured. You would configure your RSA with the ACE option and your AD with the LDAP option. Both of these are configured under "Auth Servers". Upon completion, you would add these to your Realm: RSA for Authentication and AD for Directory. This will result in your RSA server providing authentication and your AD mapping roles based on group membership.

Rgds,

John

csmith1329_
Occasional Contributor

Re: Role Mapping

John,

The part I'm missing is the LDAP group. I have configured the LDAP authentication server. After authenticating I get no roles. I don't get what part I'm missing in the LDAP authentication server.

Thanks for your Help.

Regards,

Corey

firewall72_
Frequent Contributor

Re: Role Mapping

Hi,

Your original message indicated you were trying to use RSA. Are you authenticating via RSA or AD? Once your LDAP server is defined as a Directory Server, you will be able to configure the groups for role mapping. Let me know.


Rgds,

John

csmith1329_
Occasional Contributor

Re: Role Mapping

John,

I'm currently authenticating via Active Directory. I just purchased an RSA system that I'm trying to implement. So when I switch it to RSA authenticating via ACE or RADIUS and add the directory service with LDAP to my Active Directory server, that's when I get the no roles problem. Of course I only have this one SA 2000 to do my configuring, so I have to break it for general users while I check my configuration changes.

I guess, do I have to re-do my role mapping after I break it? Or can I use the current configuration of role mapping and have it still work? I'll try to add a screenshot, but last time it was too big. I'll see if I can do that again.

Thanks again for your help.

Regards,

Corey

firewall72_
Frequent Contributor

Re: Role Mapping

Hi,

If this is a production box, I would create a new realm and sign-in URL to test. That way your users can still use the box. I was unable to open your snapshot, but I'm guessing you're having issues with Auth servers and role mapping. Try the following:

1. Create host agent on RSA and export the sdconf.rec.

2. Create an ACE auth server and import sdconf.rec.

3. Create an LDAP server and point to your AD.

4. Create a sign-in policy URL for testing

5. Create a Realm and specify your ACE (auth) and LDAP (Directory)

6. Create a group in AD for Role mapping

7. Add the proper role mapping for the realm and build the server catalogue (map using groups)

8. Configure the remaining SSL settings (bookmarks, policies, etc) and test

Let me know which steps you get stuck on and I will try to provide more information.

John

csmith1329_
Occasional Contributor

Re: Role Mapping

John,

Where I'm having the issue is when it goes to look up the groups, I guess. I'm not sure what to put in the filter? DC or CN. I have tried both and they won't bring anything back from the server. I'm not sure if I'm putting in the correct string. I have done CN=<DomainName> and DC=<DomainName>. The authentication part is kind of throwing me for a loop as well. I think I might have to authenticate for LDAP to work properly, but I'm not sure how to format that line either...

Sorry for all the stupid questions.

Thanks for the help.

Regards,

Corey
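
An added example, not part of the thread (which never states the syntax Corey ended up using): how an Active Directory base DN, a user search filter and a group-to-role mapping look in standard LDAP syntax, with authentication handled separately by the RSA server. The domain `corp.example.com` and the group and role names are constructed; `sAMAccountName` and `memberOf` are standard AD attributes.

```python
# Added example, not from the thread. Domain, groups and roles are constructed.

def domain_to_base_dn(dns_domain: str) -> str:
    """corp.example.com -> DC=corp,DC=example,DC=com (one DC= per DNS label)."""
    labels = [label for label in dns_domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain")
    return ",".join(f"DC={label}" for label in labels)

# RFC 4515 escapes for characters that have meaning inside a search filter.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value so a submitted username cannot alter the filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def user_filter(username: str) -> str:
    """Filter that finds the AD account for the user RSA just authenticated."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"

def map_roles(member_of, rules):
    """Return the roles whose group DN appears in the user's memberOf values.
    DNs are compared as case-insensitive strings; an empty list means the
    user authenticated but maps to no role, so access is denied."""
    groups = {dn.strip().lower() for dn in member_of}
    return [role for group_dn, role in rules if group_dn.lower() in groups]

BASE_DN = domain_to_base_dn("corp.example.com")

# Role mapping rules: full group DN -> role name (both constructed).
RULES = [
    (f"CN=VPN-Users,OU=Groups,{BASE_DN}", "Remote-Users"),
    (f"CN=VPN-Admins,OU=Groups,{BASE_DN}", "Remote-Admins"),
]

# Constructed memberOf values as a directory lookup would return them.
ALICE = ["CN=VPN-Users,OU=Groups,DC=corp,DC=example,DC=com"]
BOB = ["CN=Staff,OU=Groups,DC=corp,DC=example,DC=com"]

if __name__ == "__main__":
    print("base DN:    ", BASE_DN)
    print("user filter:", user_filter("alice"))
    print("alice roles:", map_roles(ALICE, RULES))
    print("bob roles:  ", map_roles(BOB, RULES))
```

A bare `CN=<DomainName>` or `DC=<DomainName>` does not name the domain root when the domain has more than one DNS label; each label needs its own `DC=` component.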

csmith1329_
Occasional Contributor

Re: Role Mapping

John,

I finally got the correct syntax. Thanks for all your help!!

Best Regards,

Corey

firewall72_
Frequent Contributor

Re: Role Mapping

Excellent, I'm glad you got it working.

John

keith_
Contributor

Re: Role Mapping

Have you tried using the (Softerra) LDAP Browser? It's a fantastic, free, little tool for working out A/D schemas.

Keith