I'm trying to add extra authentication to an internal site via Reverse Authentication. The site itself has no authentication.
The problem is with how the UTM treats our AD-based groups. If I add my user explicitly to the new Reverse Authentication profile - it'll work. But I don't want to explicitly add users - I want to use AD groups.
In our AD we have the following structure of groups:
1) Domain Admins (obviously have a LOT of permissions)
2) Linux Admins (contains Domain Admins, and anyone extra who's supposed to handle one of our Linux servers)
3) Docker Admins (contains Linux Admins, and anyone extra)
Since I'm trying to protect a Docker Repository "UI" site, I've created a new dynamic group in UTM and picked the Docker Admins group. All good, right?
Well... my Domain Admin user cannot log in. The logs only show the following line
2022:11:10-08:55:30 firewall httpd: [authnz_aua:error] [pid 453:tid 1507441520] [client 10.150.4.78:63273] [<username>] AUA responded with 'DENIED'
This thread was automatically locked due to age.