How can i make access user acros microsoft activ directory using AD groups.

victor_kirichenko
edited April 2021 in Security
aaa server is tuned in and tests passing.
in policy control for lan1outgoing trafic i try set allow for users from AD Group . 
sorry for my bad inglish.

All Replies

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @victor_kirichenko,

     

    For that you will need to configure a Policy Control rule under Configuration > Security Policy > Policy Control menu as following;

     

    You will need 2 Policy Control rules for that;

    First one is for allowing AD users. 


    Second rule is for reject rest of the LAN1 users.



    Please make sure that Allowing rule's priority is higher than the rejecting rule as in the following screenshot.



    Best regards.

  • sorry i'm sick. can i speek russian ?

    I tried to do this rools . not working. when i change user to any connecting to inet, when change to AD . Zyxel to AD server connecting and users groups reading. I can connect this accaunt to zywall but brouser not connecting to inet site 

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment
    Hi @victor_kirichenko,

    Please type in English language.

    Can you please share some information;

    1- What's the Zyxel device model name and firmware version?
    2- Which Windows Server version do you use?

    Best regards.
  • USG FLEX 500 V4.62(ABUJ.0) AD Windows server 2003 
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @victor_kirichenko,


    Does your AD return information when you query users by name as following;

    Configuration > Object > AAA Server > Configuration Validation 




    If that returns valid information as in the above, can you describe how do you want to set?

     

    Best regards.


Security Highlight