It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

How to use the ACL Type groups with MSAD

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00005328 

This solution replies to:
- NG Firewall firmware versions 4.2.x,5.0.x, 5.2.x
- netfence firmware versions 4.2.x

If you want to use the ACL Type "group" in combination with MSAD, you have to consider the following things. Group authentication in combination with MSAD works only if the queried data is available in the netfence MSAD offline database.

Group ACLs are only avaliable for the ProxyNG

First, configure the configuration item under MSAD Authentication "Infrastructure Services" > "Authentication Service" and set "Cache MSAD-groups" to "yes".

With following command you can make a manual sync for the MSAD offline database
  /opt/phion/modules/box/boxsrv/phibs/bin/msad_grpoffl -f

Test the phibs authentication as in solution 00005118 described (

Set the engine version of the proxy under "HTTP Proxy Settings" > "Advanced" to "NG".
Select Phibs-Specific Schemes under the configuration item Authentication Scheme General and set the Phibs Authentication Scheme to MSAD.


Create the ACL entry in the Group ACL Entries and set Partial Search to yes. When should the distinguished names which you can enter in groups to pay attention to the levels of the Active Directory structure. E.g. is the the group administrator in the Builtin folder, the distinguished name should be: "CN=Administrators,CN=Builtin,DC=domainname,DC=com".

Link to This Page: