Transparent AD authentication
Options
All Replies
-
@sk8erbender
Regarding this case,
after users do authentication from Windows logon page, they dont need to be authenticated by USG again.
Can you double check the log message or login user page to confirm user truly login via SSO?(Go to Monitor>System Status>Login Users)
The attached steps of configuration on USG and SSO agent side as your reference.
SSO Agent
Charlie
5 -
I do not see them here. What could be a problem? Though I see users in user list in sso agentZyxel_Charlie said:@sk8erbender
Regarding this case,
after users do authentication from Windows logon page, they dont need to be authenticated by USG again.
Can you double check the log message or login user page to confirm user truly login via SSO?(Go to Monitor>System Status>Login Users)
The attached steps of configuration on USG and SSO agent side as your reference.
SSO Agent
Charlie
0 -
Go to CONFIGURATION > Object > User/Group > User and add a new
ext-group-user.Ex: csosecurity. The domain user “Amy” must belong to this group in the AD.I didnt add group in usg 310 could it be a problem?Can i add Domain users group ? Or I have to make separate one?Also Force user authentication should I tick this or leave it empty ?
0 -
Also , any ports needed to be opened to communicate form USg ( incoming ) on active directory ?
Ports beside default sso on USg itself ?
Tried every single option - adding group and users , ticking force aouthentication on and off .
I can see logged users in sso app on domain controller and logs shows no errors.0 -
Damn Guys ) I’ll buy 2 beers for those who help me complete setting this up . I’m sure I’m stuck on something stupid ..0
-
Update - well seems to be opening port 2158 on domain controller solved the problem . Now users show up on USg user list
I hope I can open port for application only not the just tcp rule ? 0 -
Well ( it works for like 15-30 minutes then users get disconnecting from internet asking to enter credentials on USG web page.After they log out , then log in again, it works again for 15-30 minutes or so. How do I diagnose this problem?0
-
@sk8erbender
Regarding to this case,
can I know what issue did you face currently, and more details about"I hope I can open port for application only not the just tcp rule "?
Also, can you double check the log message or login user page to confirm user truly login via SSO?(Go to Monitor>System Status>Login Users)
If there is not User ID on the list, you may double check the configuration on SSO agent and USG.
Charlie0 -
Well users appear as I said for like 5-10 minutes then disappear they have to log out , log in system to enable internet again. I need professional assistance from Zyxel support. Is there a paid service for this?Zyxel_Charlie said:@sk8erbender
Regarding to this case,
can I know what issue did you face currently, and more details about"I hope I can open port for application only not the just tcp rule "?
Also, can you double check the log message or login user page to confirm user truly login via SSO?(Go to Monitor>System Status>Login Users)
If there is not User ID on the list, you may double check the configuration on SSO agent and USG.
Charlie
0 -
@sk8erbender
Regarding to this case,
I will private message to you for more details. Please has a check.
Charlie0
Zyxel Employee
Ally Member
Categories
- All Categories
- 440 Beta Program
- 2.9K Nebula
- 208 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.4K Security
- 528 USG FLEX H Series
- 331 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 50 Wireless Ideas
- 6.9K Consumer Product
- 292 Service & License
- 462 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.6K FAQ
- 34 Documents
- 86 About Community
- 99 Security Highlight
