Hello All,
I am trying to get integrated userfirewall working.
As you can see, I have a user test, which is a member of test-group.
Following is the configuration that I'm doing on my firewall:
user-identification {
    active-directory-access {
        traceoptions {
            file AD size 25m world-readable;
            level all;
            flag all;
        }
        domain seclab.com {
            user {
                Administrator;
                password "$9$afZik.P5Q36VbYoJDmPf5QF9AuO1hyl"; ## SECRET-DATA
            }
            domain-controller dcontroller {
                address 10.10.10.3;
            }
            user-group-mapping {
                ldap {
                    base DC=seclab,DC=com;
                }
            }
        }
        wmi-timeout 120;
    }
}
I can see that the SRX is connected to the AD controller:
root# run show services user-identification active-directory-access domain-controller status extensive
Domain: seclab.com
Domain controller: dcontroller
Address: 10.10.10.3
Status: Connected
Also, I can see that the auth table is getting populated:
root# run show services user-identification active-directory-access active-directory-authentication-table all
Domain: seclab.com
Total entries: 2
Source IP      Username        groups    state
10.10.10.1     administrator             Valid
10.10.10.4     test                      Valid
I am trying to filter traffic based on user identities with this config:
[edit security policies from-zone trust to-zone ammar policy p1]
root# show
match {
    source-address any;
    destination-address any;
    application any;
    source-identity "seclab.com\test";
}
then {
    permit;
}
But I am not able to get my traffic to pass based on the above config.
I'm getting the following error:
root# run show services user-identification active-directory-access user-group-mapping status
Domain: seclab.com
LDAP server     Port    Last-query-status    Last-query-time
10.10.10.3      389     Query failed         2016-03-14 03:02:33

root# run show services user-identification active-directory-access statistics user-group-mapping domain seclab.com
Domain: seclab.com
Host: 10.10.10.3
Port: 389
Total query number : 105
Failed query number : 105
Can anybody tell me what I am missing?
Code is:

[edit]
root# run show version
Model: srx210he2
JUNOS Software Release [12.1X47-D35.2]
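As an added illustration (not part of the original post), the following Python script parses the two show-command outputs quoted above and flags the two conditions that together keep a source-identity policy from matching: every LDAP user-group-mapping query has failed, and the valid auth-table entries carry no resolved groups. The sample text is transcribed from the post; the assumption that the groups column is whitespace- or comma-separated is mine.

```python
import re

# Constructed sample input, transcribed from the show-command output quoted in the post.
AUTH_TABLE = """Domain: seclab.com
Total entries: 2
Source IP      Username        groups    state
10.10.10.1     administrator             Valid
10.10.10.4     test                      Valid
"""

GROUP_MAPPING_STATS = """Domain: seclab.com
Host: 10.10.10.3
Port: 389
Total query number : 105
Failed query number : 105
"""

# One auth-table row: IP, username, optional groups, then the state keyword.
ROW_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(.*?)\s*(Valid|Invalid|Pending)\s*$")


def parse_auth_table(text):
    """Return {source_ip: (username, [groups], state)} from the authentication-table output."""
    entries = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            ip, user, groups, state = m.groups()
            # Assumption: resolved groups are listed separated by commas or whitespace.
            group_list = [g for g in re.split(r"[,\s]+", groups) if g]
            entries[ip] = (user, group_list, state)
    return entries


def parse_query_stats(text):
    """Return (total_queries, failed_queries) from the user-group-mapping statistics output."""
    total = int(re.search(r"Total query number\s*:\s*(\d+)", text).group(1))
    failed = int(re.search(r"Failed query number\s*:\s*(\d+)", text).group(1))
    return total, failed


def diagnose(auth_text, stats_text):
    """List findings that explain why group-based source-identity matching cannot work."""
    findings = []
    total, failed = parse_query_stats(stats_text)
    if total and failed == total:
        findings.append("ldap_group_mapping_all_failed")
    for ip, (user, groups, state) in parse_auth_table(auth_text).items():
        if state == "Valid" and not groups:
            # Identity is known, but no group membership was ever resolved for it.
            findings.append(f"no_groups:{ip}:{user}")
    return findings


if __name__ == "__main__":
    for f in diagnose(AUTH_TABLE, GROUP_MAPPING_STATS):
        print(f)
```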