Forum Discussion
CirrusBig-IP not seeing all my users AD groups
Hi,
My access policy provide different portal access in a WebTop based on the users Ad group membership. The issue I'm seeing right now, is that some portal access icons doesn't appear even if the group membership is correct. I went in the report section, in the session variables, I don't see all the groups the users are member of.
The strangest part, if I add other groups to the user that have no link to my F5 configuration, some other groups start appearing.
Is there anyone who ever saw an issue similar to this one? Or, is there anyway to troubleshoot the query done from my F5 device to my Active directory?
Thanks, Jonathan
10 Replies
Stanislas_Piro2Cumulonimbus
Is the user member of group or nested groups?
kunjan_118660Which version are you using?
- Jdemers_204143BIG-IP v11.6.0 (Build 0.0.401) That should be better. Thanks!
kunjanNimbostratus
Which version are you using?
- Jdemers_204143BIG-IP v11.6.0 (Build 0.0.401) That should be better. Thanks!
Seth_CooperEmployee
There was a bug that wouldn't see the last group in the array for the memberOf variable. What version are you running and I can check and see if this is the issue you are reporting.
Seth
- kunjan
It could be due to a known issue fixed in 11.6.0HF4
https://support.f5.com/kb/en-us/solutions/public/16000/400/sol16426.html
- Jdemers_204143
Thanks, the Hotfix 11.6.0HF4 did fix the issue.
The only thing that doesn't work is that it doesn't recognize the primary group. I'll work without it.
Thanks again Jonathan
- Seth_CooperDo you have "Fetch Primary Group" enabled on the ad query object.
- Jdemers_204143No, I did not! Thanks again, that fixed all my issues!
