NetSight 6.1 Virtual Appliance


Userlevel 1
Hey Guys,
just a short question. with the virtual Appliance of NetSight it is only possible to authenticate domain user through radius-server?

Thanks in advance

6 replies

Userlevel 7
You'd also use LDAP....
Userlevel 2
Hello Philipp,

we also had a virtual appliance and authenticate the user with LDAP against the active Directory. Authenticate Domain users, when Domain users is Primary Group in the AD is a Little bit tricky. you have to use a ldap browser and look for the Primary Group id in the Active Directory for Domain users. you can find this under "objectSid" and you Need the last numbers behind the last Hyphen. at last you have to create a new authorization Group in Netsight and give the Membership criteria "primaryGroupID=xxxx". Of course you have to set your ldap configuration at first!
Userlevel 3
Nico Willamowski wrote:

Hello Philipp,

we also had a virtual appliance and authenticate the user with LDAP against the active Directory. Authenticate Domain users, when Domain users is Primary Group in the AD is a Little bit tricky. you have to use a ldap browser and look for the Primary Group id in the Active Directory for Domain users. you can find this under "objectSid" and you Need the last numbers behind the last Hyphen. at last you have to create a new authorization Group in Netsight and give the Membership criteria "primaryGroupID=xxxx". Of course you have to set your ldap configuration at first!

Thanks 🙂

It is also possible to use the memberOf Attribute.





Best Regards
Michael
Userlevel 1
thanks for the replies and nico for the detailed description 😉
Userlevel 2
But Philipp wants to use the Domain Users. Mostly the Domain Users are the Primary Group in the AD and so autentication with "memberOf" doesn´t work. So you had to use the "primaryGroupId". In the example from Michael he use the Group "Domain Admins" I don´t think that this is Primary Group in his Active Directory. We also you for some authentication the "memberOf" Critera but then this AD Group isn´t the Primary Group.
Userlevel 3
Nico Willamowski wrote:

But Philipp wants to use the Domain Users. Mostly the Domain Users are the Primary Group in the AD and so autentication with "memberOf" doesn´t work. So you had to use the "primaryGroupId". In the example from Michael he use the Group "Domain Admins" I don´t think that this is Primary Group in his Active Directory. We also you for some authentication the "memberOf" Critera but then this AD Group isn´t the Primary Group.

That is right - I took Thema "domain unseres" More generic, like not the group " Domain Users". But you are absolute correct. Thanks

Reply