The default port for LDAP is 389; LDAPS uses port 636 and establishes TLS/SSL as soon as the client connects, so the bind credentials never cross the wire in clear text.
Step 1: Create a Server Profile
Device --> Server Profiles --> LDAP
Step 2:
Go to Device --> User Identification --> Group Mapping Settings
Step 3:
Now go to the Group Include List; the AD tree must expand. If it doesn't, the profile isn't configured correctly.
Step 4: Select the groups from AD whose users must be authenticated.
Now say we want only users from the user and Admin groups to be authenticated using AD.
Note: if you aren't able to expand the DC, there is an issue connecting to the AD server.
Step 5:
Go to Device --> Authentication Profile and create an authentication profile.
Step 6:
Device --> User Identification
Here are the default settings.
Click Edit.
Let's enable Server Log Monitor and Client Probing (by default they aren't enabled).
Step 7:
Now go to the zone in which you want users to be authenticated and enable User Identification.
You may need to enable the Source User column in the Traffic monitor to see the user ID.
To see the details of a traffic entry, click the magnifier icon.
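The steps above are done in the GUI, and the most common mistakes (LDAP on 389 without SSL, SSL with certificate verification turned off, a missing bind DN that stops the Group Include List from expanding) only show up after the commit. The following Python script is an added example, not code from the original post and not Palo Alto code: it lints a server-profile description before you fill in the form in Step 1, showing a weak profile beside the hardened one, and includes a small LDAPS probe that checks the certificate chain on port 636. The dictionary keys (`ssl`, `verify_server_certificate`, `bind_dn`, `servers`), the profile names, the `svc-fw-ldap` bind account and the addresses are all constructed for this example and mirror the form's fields only by naming convention.

```python
import socket
import ssl

LDAP_PORT = 389   # plaintext LDAP; the bind password is visible on the wire
LDAPS_PORT = 636  # TLS is negotiated immediately on connect


def lint_ldap_profile(profile: dict) -> list[str]:
    """Return a list of findings for a server profile; an empty list means nothing to fix.

    The profile dict layout is an assumption of this example, not a PAN-OS API.
    """
    findings = []
    use_ssl = profile.get("ssl", False)
    if not use_ssl:
        findings.append(
            "ssl=off: the bind password and user credentials cross the wire in clear "
            f"text; enable SSL/TLS and use port {LDAPS_PORT}"
        )
    elif not profile.get("verify_server_certificate", False):
        findings.append(
            "verify_server_certificate=off: TLS without certificate validation can be "
            "intercepted; enable it and import the AD CA certificate on the firewall"
        )
    if not profile.get("bind_dn"):
        findings.append(
            "bind_dn missing: an anonymous bind cannot enumerate AD groups, so the "
            "Group Include List in Step 3 will not expand"
        )
    for server in profile.get("servers", []):
        port = server.get("port", LDAP_PORT)
        if use_ssl and port == LDAP_PORT:
            findings.append(
                f"{server['address']}: ssl=on but port {LDAP_PORT}; LDAPS is port {LDAPS_PORT}"
            )
        if not use_ssl and port == LDAPS_PORT:
            findings.append(
                f"{server['address']}: port {LDAPS_PORT} but ssl=off; the server expects "
                "a TLS handshake on connect"
            )
    return findings


def probe_ldaps(address: str, port: int = LDAPS_PORT, timeout: float = 5.0) -> dict:
    """Open a TLS connection to an LDAPS port, validate the chain against the
    system trust store, and return the server certificate's subject as a dict.
    Needs network access, so it is not part of the offline checks below."""
    context = ssl.create_default_context()
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=address) as tls:
            cert = tls.getpeercert()
    return {key: value for rdn in cert["subject"] for key, value in rdn}


# Constructed sample profiles: the weak one is what a first attempt often looks like,
# the hardened one is what the Step 1 form should end up containing.
WEAK_PROFILE = {
    "name": "AD-LDAP-weak",
    "ldap_type": "active-directory",
    "ssl": False,
    "verify_server_certificate": False,
    "bind_dn": "",
    "servers": [{"address": "192.0.2.10", "port": LDAP_PORT}],
}

HARDENED_PROFILE = {
    "name": "AD-LDAPS",
    "ldap_type": "active-directory",
    "ssl": True,
    "verify_server_certificate": True,
    "bind_dn": "CN=svc-fw-ldap,OU=Service Accounts,DC=example,DC=com",
    "servers": [{"address": "dc1.example.com", "port": LDAPS_PORT}],
}


if __name__ == "__main__":
    for profile in (WEAK_PROFILE, HARDENED_PROFILE):
        print(f"{profile['name']}:")
        for finding in lint_ldap_profile(profile) or ["ok"]:
            print("  -", finding)
```

Run the script as-is to compare the two constructed profiles; to check a real domain controller, call `probe_ldaps("dc1.example.com")` from an interpreter and confirm the returned subject matches the controller and that no certificate error is raised, which tells you the "verify server certificate" option will succeed before you commit the profile.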