Barracuda NextGen Firewall X

How to use the ACL Type groups with MSAD

  • Type: Knowledgebase
  • Date changed: 7 months ago
Solution #00005328 
 

Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:
To use the ACL type "group" in combination with MSAD, note the following: group authentication with MSAD works only if the queried data is available in the netfence MSAD offline database.

Note:
Group ACLs are only available for the ProxyNG.

 
Solution:
First, configure MSAD Authentication under "Infrastructure Services" > "Authentication Service" and set "Cache MSAD-groups" to "yes".

Use the following command to run a manual sync of the MSAD offline database:
  /opt/phion/modules/box/boxsrv/phibs/bin/msad_grpoffl -f

Test the phibs authentication as described in solution 00005118 (https://campus.barracuda.com/solution/50160000000IKYZAA4).

Set the engine version of the proxy under "HTTP Proxy Settings" > "Advanced" to "NG".
Select Phibs-Specific Schemes under the configuration item Authentication Scheme General and set the Phibs Authentication Scheme to MSAD.

Create the ACL entry in the Group ACL Entries and set Partial Search to yes. When entering the distinguished names of groups, pay attention to the levels of the Active Directory structure. For example, if the group Administrators is in the Builtin folder, the distinguished name should be: "CN=Administrators,CN=Builtin,DC=domainname,DC=com".

Link to This Page:

https://campus.barracuda.com/solution/50160000000IKbxAAG