Good afternoon. I have a SRX 320 router. I configure the user identification through the WMI. But I have a problem with this. When 2 or more users are logged on, the security policy is processed by the last logged user, because in the authentication table there is always only one entry IP ADDRESS - LOGIN. How do I configure the correct operation of policies for users working simultaneously on one terminal server.
fluoro@r80-02# show security policies from-zone trust to-zone INTERNET policy MGP_SRV01-TO-INTERNET_TEST_PROXY_2
match {
source-address MGP-SRV01;
destination-address YA_RU;
destination-address-excluded;
application any;
source-identity "lanrtmd.ru\mgp_permit_all";
}
then {
permit;
}
fluoro@r80-02# show services user-identification
active-directory-access {
domain lanrtmd.ru {
user {
srxnonadmin;
password "++++++++++++++++++++++++++++++++++++++++++++++++++++++"; ## SECRET-DATA
}
domain-controller XI {
address 192.168.97.19;
}
user-group-mapping {
ldap {
base DC=lanrtmd,DC=ru;