- Pulse Secure Community
- :
- About mmartin_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
mmartin_
Occasional Contributor
5
Posts
0
Kudos
0
Solutions
04-25-2014
03:12:PM
Per JTAC - not supported with AD/NT type servers. Must be LDAP, but LDAP is the better choice anyway and is more efficient per their advice.
... View more
04-16-2014
10:31:AM
Hello, SA4500 FIPS (remote cluster) Version: 8.0R3:2 (build 30619) When I use an LDAP authentication server type to search AD, my custom expressions to match OU's work just fine (userDN.OU = "whatever"). When I do the same with an AD server type, they do not match. The directory is being searched and the attributes are being returned. I can see them just fine in the trace, but the rolemapping says "no match" for those rules. I configured everything from scratch for the AD auth - All new sign-in policy, auth server, realm, role mapping, expressions, etc. - just to be sure. I tried to match on both forms of the OU name listed in the variables. No luck. Again, this works just fine with LDAP as the auth type... and the logs look identical, except there is a match. Info PTR10305 2014/04/16 10:12:00 - Hostname - [*.*.*.*] - DOMAIN\user(Copy of Portal)[] - Variable userDN.OU = "OU NAME GOES HERE" Info PTR10305 2014/04/16 10:12:00 - Hostname - [*.*.*.*] - DOMAIN\user(Copy of Portal)[] - Variable [email protected] Active Directory - New.OU = "OU NAME GOES HERE" Info PTR10218 2014/04/16 10:12:00 - Hostname - [*.*.*.*] - DOMAIN\user(Copy of Portal)[] - No match on rule 'userDN.OU = "OU NAME GOES HERE"' Info PTR10218 2014/04/16 10:12:00 - Hostname - [*.*.*.*] - DOMAIN\user(Copy of Portal)[] - No match on rule '{[email protected] Active Directory - New.OU} = "OU NAME GOES HERE"' Any idea why this is happening?
... View more
06-30-2010
09:08:AM
Thanks! That would help. I spent a few hours trying to make it work before I put in a ticket since I assumed I had to have made a mistake somewhere in my config since the traces looked the same, except no match.
... View more
06-30-2010
09:04:AM
Is it possible to role map based on an OU rather than a group membership? If so, is there documentation somewhere? I'm trying to use "user attribute" "ou" and then the name of the OU by itself and with the full path, including domain name. Neither seems to work. Please help. Thanks!
... View more
06-30-2010
09:03:AM
I understand that I could add an LDAP server, but at that point, I might as well just use it for auth too and not waste my time configuring two servers. The reason why I thought this may (should) work is because the policy trace shows the attributes/variables coming back the exact same way when I enable "Group search with LDAP" in the AD Server type: AD Type with Group search with LDAP: Variable userDN.OU = "OU NAME GOES HERE" LDAP Server Type: Variable userDN.OU = "OU NAME GOES HERE" So the fact that I can't use a custom expression to match on that is a limitation of the software (confirmed by JTAC), not a limitation based on what information I'm getting back from the AD server. Clearly, if the same data is being displayed in plain text, right in front of me, the software could be written to give the ability to match on it. Per JTAC, the custom expressions won't match based on how the attributes are stored in the user record. This is fine though now that I have a clearer understanding. I don't mind using LDAP. Plus JTAC informed me that LDAP is the better choice and only to use the AD server type in the following scenarios: "when you need machine authentication without certificates or trusted domains for user and group lookup" Thanks!
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
