NetSight NAC manager end system not hitting correct LDAP user group rule

An end system is not hitting the correct rule in NAC Manager when that rule has an LDAP usergroup component.
  • NetSight Suite
  • NetSight NAC manager
  • NAC rules engine with LDAP usergroup component that has memberOf attribute criteria
The LDAP attributes returned from Active Directory do not include the attributes needed to match the criteria of any configured rule.
To check what LDAP attributes a user has in Active Directory:
  1. In NAC manager click Tools > Management and Configuration > Advanced configuration
  2. Click LDAP configurations > choose the LDAP configuration currently used for user lookup
  3. Click Test button
  4. Click User tab
  5. Type in username that is experiencing the issue
  6. Scroll down and copy the memberOf section to notepad

To compare these against the current NAC rule set:
  1. In the Advanced Configuration window choose the NAC configuration used
  2. Determine which rules have Usergroup Components that contain "LDAP usergroup" and "memberOf" criteria and attributes
  3. Compare the memberOf attributes in each of the usergroup components to see if there is a match

If there is no match, either create a usergroup with the correct memberOf attributes, or change the user in Active Directory to be a member of the correct memberOf security groups.
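
The comparison in the steps above can be done offline once the memberOf values and the usergroup criteria are copied out. The following is an added example, not part of the original article or of NetSight: the function names, rule names and sample DNs are constructed, and it assumes a criterion matches when its value equals one of the user's memberOf DNs, compared case-insensitively and ignoring spaces around commas.

```python
import re

def split_dn(dn):
    """Split a DN into normalized (attribute, value) pairs, honoring '\\,' escapes."""
    parts = re.split(r'(?<!\\),', dn.strip())
    rdns = []
    for part in parts:
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

def compare(user_member_of, rule_groups):
    """Return {rule: [(criterion, status)]}; status is match, near-miss or no match."""
    user_dns = {split_dn(dn) for dn in user_member_of}
    user_cns = {dn[0] for dn in user_dns}  # first RDN, normally the group's CN
    report = {}
    for rule, criteria in rule_groups.items():
        rows = []
        for crit in criteria:
            c = split_dn(crit)
            if c in user_dns:
                status = "match"
            elif c[0] in user_cns:
                # Same group name, different OU/DC path: a likely typo or moved group
                status = "near-miss"
            else:
                status = "no match"
            rows.append((crit, status))
        report[rule] = rows
    return report

# Constructed sample: memberOf values as copied from the LDAP test (User tab)
USER_MEMBER_OF = [
    "CN=Staff,OU=Groups,DC=example,DC=com",
    "CN=VPN Users,OU=Security Groups,DC=example,DC=com",
]
# Constructed sample: memberOf criteria copied from each rule's usergroup component
RULE_GROUPS = {
    "Staff Rule": ["cn=staff, ou=groups, dc=example, dc=com"],
    "VPN Rule": ["CN=VPN Users,OU=Groups,DC=example,DC=com"],
    "Admin Rule": ["CN=Domain Admins,CN=Users,DC=example,DC=com"],
}

if __name__ == "__main__":
    for rule, rows in compare(USER_MEMBER_OF, RULE_GROUPS).items():
        for crit, status in rows:
            print(f"{rule}: {status}: {crit}")
```

A near-miss means the group name is right but the rest of the DN differs from what Active Directory returned, which points to the usergroup criterion rather than the user's group membership.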