
Importing users from LDAP

Hello,

On NSA devices there is an option to import users from LDAP. Is this not an option on the SMA? We would like to add users (about 50 of them) to have an RDP bookmark to their office computers, and I am looking for a way to do this using their Active Directory creds. They can sign in with their AD creds and then the user is listed there, but is there a way of doing this without asking them to sign in first?

Category: Secure Mobile Access Appliances

Answers

  • Geetha (SonicWall Employee)

    Yes, we can manually add each user. Navigate to Users > Local Users and click Add User. Enter the User Name (the same as the domain user name), select the Domain and click Accept.

  • I only see the options below for you.

    1. Add users manually (make sure you select your AD for the domain) and define per user bookmark.
    2. Alternatively, if your users are capable, you can give them the ability to add their own bookmarks.
  • I have another solution for you, @JamesD. You can leverage custom variables in AD to do the Bookmark.

    Steps

    1. Use an attribute in AD for each user that specifies the hostname or IP of their workstation.
    2. In your Domain, put the custom variable as %AD:attribute%.
    3. Make a global bookmark and use %AD:attribute% as your IP or hostname.
    4. When a user logs in, they will get their own custom attribute assigned to the hostname.

    There is an issue with this working in contemporary mode in 10.2.0.0, but it will be fixed in 10.2.0.1. Make sure the users cannot modify or delete bookmarks, or they will delete that global bookmark for everyone by accident.

  • Sbishop (Newbie ✭)

    Masterroshi, I'd like to follow up on your response.

    I want to enable users to connect to our SMA410 and RDP to their desktop. I have a custom attribute set up in AD called rdp and I have populated that attribute with their computer name. I've created a global bookmark with %AD:rdp% as the name/IP address.

    I'm getting this error when testing it: "Error: Name resolution failed for this service. Please make sure that DNS is configured on the SMA appliance, or contact your administrator. Please close the window."

    Any suggestions? Should the AD attribute have the DNS suffix in it? Currently it is just the computer name.

    Thanks in advance for any suggestions.

  • @Sbishop, the appliance needs to be able to resolve the name. I am not sure if a DNS search suffix in the DNS settings will help here, but if not, please put the full FQDN in the attribute.
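
    The steps above (a custom AD attribute expanded through %AD:attribute% in a global bookmark) and the FQDN advice in the last reply can be scripted on the AD side. The following is an added example, not code posted by anyone in this thread or shipped by SonicWall; it assumes the RSAT ActiveDirectory module is available, that the schema already carries a user attribute named rdp as in Sbishop's setup, and that the user-to-workstation mapping comes from a CSV you maintain (the rows below are constructed sample data).

```powershell
# Added example: populate the custom AD attribute "rdp" with each user's workstation FQDN
# so that a global SMA bookmark using %AD:rdp% resolves on the appliance.
# Assumptions: schema attribute "rdp" exists, RSAT ActiveDirectory module installed,
# mapping supplied as CSV (constructed sample below; replace with Import-Csv .\rdp-map.csv).
Import-Module ActiveDirectory

$Mapping = @'
SamAccountName,Computer
jdoe,WS-JDOE
asmith,WS-ASMITH
'@ | ConvertFrom-Csv

# The SMA resolves the bookmark host itself, so store the FQDN rather than the bare
# computer name. The suffix is taken from the domain the script runs in.
$DnsSuffix = (Get-ADDomain).DNSRoot

foreach ($row in $Mapping) {
    $fqdn = "$($row.Computer).$DnsSuffix"

    # Check the name resolves before writing it. A bad value here surfaces to the user
    # only as the "Name resolution failed for this service" error quoted in the thread.
    # Note: this proves the record exists in DNS; the SMA must use DNS servers that
    # can see the same zone.
    try {
        $null = Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop
    } catch {
        Write-Warning "Skipping $($row.SamAccountName): $fqdn does not resolve"
        continue
    }

    # -Replace writes the attribute by its LDAP display name (creates it if unset).
    Set-ADUser -Identity $row.SamAccountName -Replace @{ rdp = $fqdn }
    Write-Output "Set rdp=$fqdn for $($row.SamAccountName)"
}

# Audit: show every user carrying the attribute and what %AD:rdp% will expand to.
Get-ADUser -LDAPFilter '(rdp=*)' -Properties rdp |
    Select-Object SamAccountName, @{ Name = 'BookmarkHost'; Expression = { $_.rdp } }
```

    Run it from an account allowed to write the attribute; users without a row in the CSV keep whatever value they already have.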

  • SonicAdmin80 (Cybersecurity Overlord ✭✭✭)

    Boggles my mind how firewall appliances are more versatile regarding LDAP than dedicated remote access appliances. With the firewalls you can just import a user or group and use it in any way needed.

    With SMA you can only filter with LDAP attributes which I noticed is quite limited. For example, how to check if a group contains the logging in user record, not if the group is contained in the user record?
