Solved

Sonicwall ldap users and groups setup

Posted on 2011-03-24
4
2,801 Views
Last Modified: 2012-05-11
I have a sonicwall connecting to a 2008 server. I'm not totally clear on the authentication side of things. It seems to be overly complicated!

First authentication is either ldap or ldap +users. why would I need ldap+users?

What I want is to create an OU in A.D called sonicwall. I then create a group in that OU called sonicwall users (I will use it for possibly single sign or vpn users but at the moment its purely test environment) I make a user a member of the sonicwall users group. I would like only the users in this group to be able to access via vpn etc.

When I enter internal.local/users in the "Trees containing users:" section in the directory tab I can do a test using the test tab and it authenticates but this is obviously no good as any user in the /users folder would be able to authenticate, I want only the users in the sonicwall users group to authenticate but no matter what I put in "Trees containing users" it doesn't work.

I think I could be missing some fundamentals here! thanks
0
Comment
Question by:Sid_F
  • 2
4 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 35212009
Ldap + users let's you have a user in the sonicwall to VPN into incase ldap fails for some reason. I always choose that option with just one emergency admin user.
0
 
LVL 6

Author Comment

by:Sid_F
ID: 35225974
ok thanks but is the rest of my setup correct or am i mis-reading something
0
 
LVL 6

Accepted Solution

by:
theonlyallan earned 500 total points
ID: 35398802
You can authenticate using the Test feature, but It should not allow the user to have VPN access.
Everybody will authenticate, but the users needs to be in a Group before the SW will allow them to do anything..

1 - Go to: Local Groups > Import Groups from LDAP.
2- Select the Group you want to Import: (Sonicwall Users)
3 - Under VPN Access tab, select the Subnets you want people to have access to.
4 - When the AD user with Sonicwall Users group assigned, they will be able to Login.

I would recommend installing Radius.. It works better and allows users to change passwords when expired.
0
 
LVL 6

Author Closing Comment

by:Sid_F
ID: 35702825
thanks
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SonicWall Pro 300 Firmware 2 109
RDP Sonicwall 8 88
Cisco ASA LDAP Authentication for VPN and Management 8 39
How to safely test out TFTP server software 12 92
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question