Transparent AD authentication

2»

All Replies

  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    First Anniversary Friend Collector First Comment
    @sk8erbender
    Regarding this case,
    after users do authentication from Windows logon page, they dont need to be authenticated by USG again. 
    Can you double check the log message or login user page to confirm user truly login via SSO?(Go to Monitor>System Status>Login Users)


    The attached steps of configuration on USG and SSO agent side as your reference.
    SSO Agent
    Charlie

    I do not see them here. What could be a problem? Though I see users in user list in sso agent
  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    First Anniversary Friend Collector First Comment
    edited February 2019
    Go to CONFIGURATION > Object > User/Group > User and add a new
    ext-group-user.
    Ex: csosecurity. The domain user “Amy” must belong to this group in the AD.

    I didnt add group in usg 310 could it be a problem?

    Can i add Domain users group ? Or I have to make separate one?

    Also Force user authentication should I tick this or leave it empty ?


  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    First Anniversary Friend Collector First Comment
    edited February 2019
    Also , any ports needed to be opened to communicate form USg ( incoming ) on active directory ? 
    Ports beside default sso on USg itself ?

    Tried every single option - adding group and users , ticking force aouthentication on and off . 

    I can see logged users in sso app on domain controller and logs shows no errors. 
  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    First Anniversary Friend Collector First Comment
    Damn Guys ) I’ll buy 2 beers for those who help me complete setting this up  . I’m sure I’m stuck on something stupid ..
  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    First Anniversary Friend Collector First Comment
    Update - well seems to be opening port 2158 on domain controller solved the problem . Now users show up on USg user list :) I hope I can open port for application only not the just tcp rule ? 
  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    First Anniversary Friend Collector First Comment
    edited March 2019
    Well ( it works for like 15-30 minutes then users get disconnecting from internet asking to enter credentials on USG web page.

    After they log out , then log in again, it works again for 15-30 minutes or so. How do I diagnose this problem?
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited March 2019
    @sk8erbender
    Regarding to this case,
    can I know what issue did you face currently, and more details about"I hope I can open port for application only not the just tcp rule "?

    Also, can you double check the log message or login user page to confirm user truly login via SSO?(Go to Monitor>System Status>Login Users)

    If there is not User ID on the list, you may double check the configuration on SSO agent and USG.


    Charlie
  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    First Anniversary Friend Collector First Comment
    @sk8erbender
    Regarding to this case,
    can I know what issue did you face currently, and more details about"I hope I can open port for application only not the just tcp rule "?

    Also, can you double check the log message or login user page to confirm user truly login via SSO?(Go to Monitor>System Status>Login Users)

    If there is not User ID on the list, you may double check the configuration on SSO agent and USG.


    Charlie
    Well users appear as I said for like 5-10 minutes then disappear they have to log out , log in system to enable internet again. I need professional assistance from Zyxel support. Is there a paid service for this?
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    @sk8erbender
    Regarding to this case,
    I will private message to you for more details. Please has a check.
    Charlie

Security Highlight