Solved

Sonicwall ldap users and groups setup

Posted on 2011-03-24
4
2,750 Views
Last Modified: 2012-05-11
I have a sonicwall connecting to a 2008 server. I'm not totally clear on the authentication side of things. It seems to be overly complicated!

First authentication is either ldap or ldap +users. why would I need ldap+users?

What I want is to create an OU in A.D called sonicwall. I then create a group in that OU called sonicwall users (I will use it for possibly single sign or vpn users but at the moment its purely test environment) I make a user a member of the sonicwall users group. I would like only the users in this group to be able to access via vpn etc.

When I enter internal.local/users in the "Trees containing users:" section in the directory tab I can do a test using the test tab and it authenticates but this is obviously no good as any user in the /users folder would be able to authenticate, I want only the users in the sonicwall users group to authenticate but no matter what I put in "Trees containing users" it doesn't work.

I think I could be missing some fundamentals here! thanks
0
Comment
Question by:Sid_F
  • 2
4 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 35212009
Ldap + users let's you have a user in the sonicwall to VPN into incase ldap fails for some reason. I always choose that option with just one emergency admin user.
0
 
LVL 5

Author Comment

by:Sid_F
ID: 35225974
ok thanks but is the rest of my setup correct or am i mis-reading something
0
 
LVL 6

Accepted Solution

by:
theonlyallan earned 500 total points
ID: 35398802
You can authenticate using the Test feature, but It should not allow the user to have VPN access.
Everybody will authenticate, but the users needs to be in a Group before the SW will allow them to do anything..

1 - Go to: Local Groups > Import Groups from LDAP.
2- Select the Group you want to Import: (Sonicwall Users)
3 - Under VPN Access tab, select the Subnets you want people to have access to.
4 - When the AD user with Sonicwall Users group assigned, they will be able to Login.

I would recommend installing Radius.. It works better and allows users to change passwords when expired.
0
 
LVL 5

Author Closing Comment

by:Sid_F
ID: 35702825
thanks
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ACL per VPN User 12 102
need rec's for prioritizing bandwidth for new voip system 12 78
GRE Trunnel with IPsec Encryption Issue 3 55
Botnet detection help me please 21 82
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now