NetSight NAC manager end system not hitting correct LDAP user group rule

Symptoms
The end system is not hitting the correct rule in NAC manager, where that rule has an LDAP usergroup component.
Environment
  • NetSight Suite
  • NetSight NAC manager
  • NAC rules engine with LDAP usergroup component that has memberOf attribute criteria
Cause
The LDAP attributes returned from Active Directory do not include the attributes needed to match the criteria of any configured rule.
Resolution
To check what LDAP attributes a user has in Active Directory:
  1. In NAC manager click Tools > Management and Configuration > Advanced Configuration
  2. Click LDAP configurations > choose the LDAP configuration currently used for user lookup
  3. Click the Test button
  4. Click the User tab
  5. Type in the username that is experiencing the issue
  6. Scroll down and copy the memberOf section to Notepad

How to compare these to the current NAC rules set:
  1. In the Advanced Configuration window choose the NAC configuration used
  2. Determine which rules have Usergroup Components that contain "LDAP usergroup" and "memberOf" criteria and attributes
  3. Compare the memberOf attributes in each of the usergroup components to see if there is a match

If there is no match, then you need to either create a usergroup with the correct memberOf attributes or change the user in Active Directory to be part of the correct memberOf security groups.
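
The comparison in the steps above can be done by script once the memberOf values are in a text file. The following is an added example, not part of the original article or of NetSight: the group DNs, rule names and function names are constructed, and it assumes a match means the full DN is equal when case and spacing are ignored (how NAC manager itself evaluates the criteria is not stated here).

```python
import re

def normalize_dn(dn):
    """Lowercase a DN and drop whitespace around ',' and '=' (escaped '\\,' is kept)."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn.strip()):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def first_rdn(dn):
    """Return the leading RDN (normally the group's CN) of a DN."""
    return re.split(r"(?<!\\),", normalize_dn(dn), maxsplit=1)[0]

def compare(user_member_of, rule_criteria):
    """Compare a user's memberOf DNs with each rule's memberOf criterion.

    rule_criteria maps a rule name to the DN its usergroup expects.
    Returns (matching rule names, near misses), where a near miss is a
    rule whose group name matches but whose OU/domain path differs.
    """
    by_dn = {normalize_dn(d): d for d in user_member_of}
    by_cn = {first_rdn(d): d for d in user_member_of}
    matches, near_misses = [], []
    for rule, wanted in rule_criteria.items():
        if normalize_dn(wanted) in by_dn:
            matches.append(rule)
        elif first_rdn(wanted) in by_cn:
            near_misses.append((rule, wanted, by_cn[first_rdn(wanted)]))
    return matches, near_misses

# Constructed sample: memberOf values as copied from the LDAP test, one DN per line.
PASTED = """
CN=Staff-Wireless,OU=Groups,DC=example,DC=com
CN=VPN Users, OU=Groups, DC=example, DC=com
"""
# Constructed sample: memberOf criteria read from each rule's usergroup.
RULES = {
    "Staff rule": "cn=staff-wireless,ou=groups,dc=example,dc=com",
    "VPN rule": "CN=VPN Users,OU=Security Groups,DC=example,DC=com",
    "Admin rule": "CN=NetAdmins,OU=Groups,DC=example,DC=com",
}
USER_GROUPS = [line for line in PASTED.splitlines() if line.strip()]

if __name__ == "__main__":
    matches, near_misses = compare(USER_GROUPS, RULES)
    print("Rules whose criterion the user satisfies:", matches)
    for rule, wanted, actual in near_misses:
        print(f"{rule}: expects {wanted!r} but the user has {actual!r}")
```

A near miss usually means the rule was written against a group that has since been moved or recreated in a different OU, which is a case where correcting the usergroup criterion is the smaller change than altering the user's memberships.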