
SA Simulation - Fails to check users AD groups

netdefilr_
Occasional Contributor

I can do simulations on local users, but not AD users.

Is there any way to do this? It seems like the roles that get applied to AD users are roles that are set to Any. I think simulations are very useful but in an AD environment it doesn't work.

Thanks,

Tim

zanyterp_
Respected Contributor

Re: SA Simulation - Fails to check users AD groups

You are correct: simulation does not query the AD server. This means group-based rules cannot be tracked; this is by design. I will post the KB link once I find it again.

netdefilr_
Occasional Contributor

Re: SA Simulation - Fails to check users AD groups

Is there any alternative to role mapping with AD?

zanyterp_
Respected Contributor

Re: SA Simulation - Fails to check users AD groups

What are you trying to accomplish? You can role map with groups or usernames with the AD/NT (and LDAP) server type; however, simulation is not a valid way to check for group membership. If you want to see the groups returned for a specific user, use the policy trace and let a user log in. This will trace the groups that are being evaluated for the user as well as if the AD server response.

netdefilr_
Occasional Contributor

Re: SA Simulation - Fails to check users AD groups

It would be nice to use simulation if possible, because 1. it doesn't require the user to log in to troubleshoot and 2. I would like to see what roles a user matches, including a stop rule so the user doesn't apply to more roles underneath that stop rule.

zanyterp_
Respected Contributor

Re: SA Simulation - Fails to check users AD groups

OK; thank you for the information. Unfortunately, the system cannot do that at this time. It is a good idea for those reasons; I would recommend that you contact your account team/local Juniper team and work with them for an enhancement request. The KB that discusses this limitation is KB19777 (http://kb.pulsesecure.net/KB19777).