Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 3 subscribers
  • Views 4763 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall rules by groups don't work, by user do

Boldmen
UTM 9.103-5
I made a rule (RDP -> internet) that applies to one user (AD user), works fine.
When i changed that rule to a group (backend membership AD) the rule doesn't work anymore, the UTM blockes the rdp protocol.
But in the web proxy that group works fine, changing the Web Filtering Profiles.
I checked the AD  UTM connection by "Authenticate example use" and works.
In
Definitions & Users -> Users & Groups (blue !) the membership of the user in groups are not shown, but the web proxy works fine with that group membership. 
What can i do : )


This thread was automatically locked due to age.
Parents
  • 0
    This is the log of the prefetch:


    Live Log: Directory user prefetch 
    Filter: 
    Autoscroll 
    Reload
    2013:07:21-17:25:15 utm user_prefetch[8197]: ------------------------------------------------------------
    2013:07:21-17:25:15 utm user_prefetch[8197]: # 1 Updating user DemoNAV
    2013:07:21-17:25:15 utm user_prefetch[8197]: # 2 Updating user Gunnar
    2013:07:21-17:25:15 utm user_prefetch[8197]: # 3 Updating user Adm05
    2013:07:21-17:25:16 utm user_prefetch[8197]: # 4 Updating user ADM-SQL
    2013:07:21-17:25:16 utm user_prefetch[8197]: 4 user objects were found:
    2013:07:21-17:25:16 utm user_prefetch[8197]: 0 users were created
    2013:07:21-17:25:16 utm user_prefetch[8197]: 4 users were updated
    2013:07:21-17:25:16 utm user_prefetch[8197]: 0 users are authenticated locally.
    2013:07:21-17:25:16 utm user_prefetch[8197]: Overall time: 0m 1s
    2013:07:21-22:25:25 utm user_prefetch[31450]: >=========================================================================
    2013:07:21-22:25:25 utm user_prefetch[31450]: ARGV: $VAR1 = [
    2013:07:21-22:25:25 utm user_prefetch[31450]: '--server-ref',
    2013:07:21-22:25:25 utm user_prefetch[31450]: 'REF_AutAdiSdc01neise'
    2013:07:21-22:25:25 utm user_prefetch[31450]: ];
    2013:07:21-22:25:25 utm user_prefetch[31450]:  using internal configuration from Confd
    2013:07:21-22:25:25 utm user_prefetch[31450]: Using contexts from confd object
    2013:07:21-22:25:25 utm user_prefetch[31450]: ldap server:
    2013:07:21-22:25:25 utm user_prefetch[31450]: server: 172.16.41.20
    2013:07:21-22:25:25 utm user_prefetch[31450]: port: 389
    2013:07:21-22:25:25 utm user_prefetch[31450]: ssl: 0
    2013:07:21-22:25:25 utm user_prefetch[31450]: bind_dn: CN=Adm05,CN=Users,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: update: 1
    2013:07:21-22:25:25 utm user_prefetch[31450]: contexts:
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=POP-Mail-Access,OU=Groups,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=RDP-Admin,OU=Groups,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Surfen-Full,OU=Groups,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Starting synchronization for adirectory
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Searching for users
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Connecting to ldap server
    2013:07:21-22:25:25 utm user_prefetch[31450]: ldap server: ldap://172.16.41.20:389
    2013:07:21-22:25:25 utm user_prefetch[31450]: Context 'CN=POP-Mail-Access,OU=Groups,OU=Neise-MS,DC=Neise,DC=de' is a group. Adding group members:
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: Context 'CN=RDP-Admin,OU=Groups,OU=Neise-MS,DC=Neise,DC=de' is a group. Adding group members:
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=DemoNAV,OU=User,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Adm05,CN=Users,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: Context 'CN=Surfen-Full,OU=Groups,OU=Neise-MS,DC=Neise,DC=de' is a group. Adding group members:
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=ADM-SQL,CN=Users,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Adm05,CN=Users,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Performing ldap search:
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=DemoNAV,OU=User,OU=Neise-MS,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Adm05,CN=Users,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=ADM-SQL,CN=Users,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Adm05,CN=Users,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: Ldap search returned 7 users
    2013:07:21-22:25:25 utm user_prefetch[31450]: Search time: 0m 0s
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Adding/updating users
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: # 1 Updating user DemoNAV
    2013:07:21-22:25:25 utm user_prefetch[31450]: # 2 Updating user Gunnar
    2013:07:21-22:25:25 utm user_prefetch[31450]: # 3 Updating user Adm05
    2013:07:21-22:25:25 utm user_prefetch[31450]: # 4 Updating user ADM-SQL
    2013:07:21-22:25:25 utm user_prefetch[31450]: 4 user objects were found:
    2013:07:21-22:25:25 utm user_prefetch[31450]: 0 users were created
    2013:07:21-22:25:25 utm user_prefetch[31450]: 4 users were updated
    2013:07:21-22:25:25 utm user_prefetch[31450]: 0 users are authenticated locally.
    2013:07:21-22:25:25 utm user_prefetch[31450]: Overall time: 0m 0s

    In the pictures you can see the problm: The user Gunnar is a member of the group RDP-Admin in the AD and also in the prefetch log, but it's not shown at the blue! in Users. 

    I deleted all Users and Groups, but no success!
Reply
  • 0
    This is the log of the prefetch:


    Live Log: Directory user prefetch 
    Filter: 
    Autoscroll 
    Reload
    2013:07:21-17:25:15 utm user_prefetch[8197]: ------------------------------------------------------------
    2013:07:21-17:25:15 utm user_prefetch[8197]: # 1 Updating user DemoNAV
    2013:07:21-17:25:15 utm user_prefetch[8197]: # 2 Updating user Gunnar
    2013:07:21-17:25:15 utm user_prefetch[8197]: # 3 Updating user Adm05
    2013:07:21-17:25:16 utm user_prefetch[8197]: # 4 Updating user ADM-SQL
    2013:07:21-17:25:16 utm user_prefetch[8197]: 4 user objects were found:
    2013:07:21-17:25:16 utm user_prefetch[8197]: 0 users were created
    2013:07:21-17:25:16 utm user_prefetch[8197]: 4 users were updated
    2013:07:21-17:25:16 utm user_prefetch[8197]: 0 users are authenticated locally.
    2013:07:21-17:25:16 utm user_prefetch[8197]: Overall time: 0m 1s
    2013:07:21-22:25:25 utm user_prefetch[31450]: >=========================================================================
    2013:07:21-22:25:25 utm user_prefetch[31450]: ARGV: $VAR1 = [
    2013:07:21-22:25:25 utm user_prefetch[31450]: '--server-ref',
    2013:07:21-22:25:25 utm user_prefetch[31450]: 'REF_AutAdiSdc01neise'
    2013:07:21-22:25:25 utm user_prefetch[31450]: ];
    2013:07:21-22:25:25 utm user_prefetch[31450]:  using internal configuration from Confd
    2013:07:21-22:25:25 utm user_prefetch[31450]: Using contexts from confd object
    2013:07:21-22:25:25 utm user_prefetch[31450]: ldap server:
    2013:07:21-22:25:25 utm user_prefetch[31450]: server: 172.16.41.20
    2013:07:21-22:25:25 utm user_prefetch[31450]: port: 389
    2013:07:21-22:25:25 utm user_prefetch[31450]: ssl: 0
    2013:07:21-22:25:25 utm user_prefetch[31450]: bind_dn: CN=Adm05,CN=Users,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: update: 1
    2013:07:21-22:25:25 utm user_prefetch[31450]: contexts:
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=POP-Mail-Access,OU=Groups,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=RDP-Admin,OU=Groups,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Surfen-Full,OU=Groups,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Starting synchronization for adirectory
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Searching for users
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Connecting to ldap server
    2013:07:21-22:25:25 utm user_prefetch[31450]: ldap server: ldap://172.16.41.20:389
    2013:07:21-22:25:25 utm user_prefetch[31450]: Context 'CN=POP-Mail-Access,OU=Groups,OU=Neise-MS,DC=Neise,DC=de' is a group. Adding group members:
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: Context 'CN=RDP-Admin,OU=Groups,OU=Neise-MS,DC=Neise,DC=de' is a group. Adding group members:
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=DemoNAV,OU=User,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Adm05,CN=Users,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: Context 'CN=Surfen-Full,OU=Groups,OU=Neise-MS,DC=Neise,DC=de' is a group. Adding group members:
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=ADM-SQL,CN=Users,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: CN=Adm05,CN=Users,DC=Neise,DC=de
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Performing ldap search:
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=DemoNAV,OU=User,OU=Neise-MS,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Adm05,CN=Users,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=ADM-SQL,CN=Users,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Gunnar Neise,OU=User,OU=Neise-MS,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: searching 'CN=Adm05,CN=Users,DC=Neise,DC=de'
    2013:07:21-22:25:25 utm user_prefetch[31450]: Ldap search returned 7 users
    2013:07:21-22:25:25 utm user_prefetch[31450]: Search time: 0m 0s
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: Adding/updating users
    2013:07:21-22:25:25 utm user_prefetch[31450]: ------------------------------------------------------------
    2013:07:21-22:25:25 utm user_prefetch[31450]: # 1 Updating user DemoNAV
    2013:07:21-22:25:25 utm user_prefetch[31450]: # 2 Updating user Gunnar
    2013:07:21-22:25:25 utm user_prefetch[31450]: # 3 Updating user Adm05
    2013:07:21-22:25:25 utm user_prefetch[31450]: # 4 Updating user ADM-SQL
    2013:07:21-22:25:25 utm user_prefetch[31450]: 4 user objects were found:
    2013:07:21-22:25:25 utm user_prefetch[31450]: 0 users were created
    2013:07:21-22:25:25 utm user_prefetch[31450]: 4 users were updated
    2013:07:21-22:25:25 utm user_prefetch[31450]: 0 users are authenticated locally.
    2013:07:21-22:25:25 utm user_prefetch[31450]: Overall time: 0m 0s

    In the pictures you can see the problm: The user Gunnar is a member of the group RDP-Admin in the AD and also in the prefetch log, but it's not shown at the blue! in Users. 

    I deleted all Users and Groups, but no success!
Children
No Data
Unfiltered HTML