SSL VPN & securing access via membership of LDAP group

fredfred Newbie ✭

Hi, I have followed the following article:

https://www.sonicwall.com/support/knowledge-base/ssl-vpn-how-can-i-configure-ldap-authentication-for-ssl-vpn-users/170503844059585/

and imported my LDAP group, etc.

However, users that are not members of my selected AD group are still authenticating successfully through NetExtender and the portal.

What could be the issue?

Category: SSL VPN

Answers

  • Hi @FRED,

    Could you please ensure that only the SSLVPN user group imported to the SonicWall firewall is part of the "SSLVPN Services" built-in user group on the SonicWall?

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • fredfred Newbie ✭

    Hi,

    Thanks for your reply. I can confirm that it's the only entry within the group and the AD group only contains select users. However, other users are still able to authenticate.

  • Hi @fred,

    Could you please check the setting shown in the below screenshot on your firewall and set it the same way? The setting is in the SonicWall GUI under MANAGE | Users | Settings | Authentication Tab | CONFIGURE LDAP | Users & Groups Tab.

    If this setting is already in place, check the default built-in user groups "Trusted Users" and "Everyone" and ensure "All LDAP Users" is not part of these two groups.

    Let us know how it goes.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • fredfred Newbie ✭

    Hi,

    Thanks for your response.

    Ok so I have selected trusted users as the default group.

    However I'm unable to remove the LDAPusers from within Trusted Users & Everyone as it is greyed out.

    How do I get around this?


  • Hi @FRED,

    Please try this. Please have the drop-down for Default LDAP User Group set to "SSLVPN Services" or to the "user group imported from AD consists of SSLVPN users" instead of Trusted Users. Also, make sure the default SSLVPN Services group doesn't contain "All LDAP Users" as a member of it.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • fredfred Newbie ✭

    Unfortunately, as soon as I select either of those two groups in the drop-down, 'All LDAP Users' is automatically added to that group and I'm unable to remove it unless I deselect it as the default group.

  • Hi @FRED,

    I believe the issue needs real-time assistance. Please reach out to our support team for assistance.


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • fredfred Newbie ✭

    Just an update, have had a remote session with tech support and we have it working now.

    The issue seemed to be the default group - changing it to everyone worked, all the other settings remain as they were.

    It was suggested to try rebooting and switching to trusted users although there are no risks to leaving it as the everyone group.

    Not sure if this was a bug, it's not one they're aware of.

  • fredfred Newbie ✭

    Thank you guys for your assistance.

  • Thanks for sharing the info @FRED. Appreciate it.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Thank you for sharing your experience.
