We'd love to hear about it! Click here to go to the product suggestion community
Hi have 2 users who are part of the same AD groups named testts and testvpn2.Both are able to login into the HTML 5 user portal, however only testts is able to access the resources.
In the user window I see that testvpn2 user doesn't have the VPN-Aphrodite group, however he is member of the group.A manual sync has been triggered.
Thomas, in the UTM, you have defined a User Group named "VPN-Aphrodite" and added the "tests" user. You probably don't want/need to have that group. More likely, you want a Backend Group limited to the Active Directory Security Group "VPN-Aphrodite." See #6 in Rulz.
Cheers - Bob
In reply to BAlfson:
Thank you for your response.However, this is a Backend Group limited to AD group "VPN-Aphrodite".
In reply to thomas raikkonnen:
Indeed it is, Thomas!
Membership in Backend Groups hasn't shown in the past, so I suspect that there might be a glitch in this new capability.
What if you Edit the AD server on the 'Servers' tab and test the other user - does it show that he's a member of the "VPN-Aphrodite" group? Does group membership now show up for the user?
What happens if you enable 'Active Directory Group Membership Synchronization' on the 'Advanced' tab of 'Authentication Services' and then press the [Synchronize now] button - does the user then show membership?
I get the following message on both servers.However, the user is member of the "VPN-Aphrodite" AD group.
Enable AD group membership background sync was already ticked and I pressed the button last week as well.
The UTM also has been updated to the latest version (9.506-2)
Did Sophos Support say that this is a bug?
Found the issue, apparently the pre and post Win2000 name must be equal in AD.