LDAP Servers in SPS

I am attempting to configure the LDAP Servers in SPS to create a new "content policy" that I want to apply to an Active Directory group. If a user is in the group, they cannot type a specific command, and if a user is not in the group, they can type that command. I configured these sections but it doesn't work: Policies --> LDAP Servers, Policies --> Content Policies, SSH Control --> Connections and SSH Control --> Channel Policies.

If it is possible to attach some pictures, I can show all the configurations.

Thank you very much.

  • Hello Dario,

    Can you check the following and see if this works?

    1. Policies > Content Policies > Select Commands radio button
    - Take action if the event contains any of the following strings or expressions: Add the command here

    - Apply this policy only to members of these gateway groups: Add the AD group here

    - Enable the check box: Log + Terminate Connection + any other actions as required

    2. SSH Control > Channel Policies > expand the channel policy > Under Type where Session Shell is selected > Content Policy: Select the content policy created in 1 here

    3. SSH Control > Authentication policies > Create a new LDAP Gateway Authentication policy:
    - Gateway authentication method: Password > Authentication backend: LDAP
    - Relayed authentication methods: can be any of the boxes you need here

    4. SSH Control > Connections > Expand the connection that will be used:

    Select all the policies created above:
    - SSH Setting: can be default for example
    - Authentication policy
    - Channel Policy that has the content policy associated
    - Usermapping policy > in case the gateway and remote users are different (for example, an AD user on the gateway and a local account on the target machine as the remote user)
    - LDAP Server policy

    5. Test again and let us know if there are any issues.

    Thanks!

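The following is an added example, not part of the original thread and not SPS code: a small Python model of how the content policy configured in steps 1 and 2 above is expected to behave, so the two cases the question asks about (member of the AD group vs. non-member) can be checked side by side. The gateway user to AD group mapping, the policy and channel names, and the commands are all constructed for the example; SPS resolves group membership through the LDAP Server policy and has its own pattern syntax, which is approximated here with Python `re`.

```python
import re
from dataclasses import dataclass

# Constructed stand-in for what the LDAP Server policy resolves at gateway
# authentication time: gateway user -> AD groups. Not real directory data.
AD_GROUPS = {
    "dario": ["sps-restricted-users"],
    "alice": ["sps-admins"],
}


@dataclass
class ContentPolicy:
    """Simplified model of an SPS content policy of type Commands (names are hypothetical)."""
    name: str
    patterns: list          # "Take action if the event contains any of the following strings or expressions"
    gateway_groups: list    # "Apply this policy only to members of these gateway groups" (empty = everyone)
    log: bool = True        # "Log" check box
    terminate: bool = False  # "Terminate Connection" check box


def applies_to(policy: ContentPolicy, user: str) -> bool:
    """Step 1: the policy is restricted to members of the listed gateway groups."""
    if not policy.gateway_groups:
        return True
    return any(g in AD_GROUPS.get(user, []) for g in policy.gateway_groups)


def evaluate(policy: ContentPolicy, user: str, command: str) -> set:
    """Return the set of actions triggered for one typed command line."""
    if not applies_to(policy, user):
        return set()
    if not any(re.search(p, command) for p in policy.patterns):
        return set()
    actions = set()
    if policy.log:
        actions.add("log")
    if policy.terminate:
        actions.add("terminate")
    return actions


def evaluate_channel(policies_by_channel: dict, channel_type: str, user: str, command: str) -> set:
    """Step 2: only the channel type the content policy is attached to is inspected."""
    policy = policies_by_channel.get(channel_type)
    if policy is None:
        return set()
    return evaluate(policy, user, command)


# Constructed policies. STRICT anchors the command name; LOOSE is the bare string
# "rm", which also fires on unrelated commands whose arguments merely contain "rm".
STRICT = ContentPolicy("block-rm", [r"^\s*(sudo\s+)?rm\b"], ["sps-restricted-users"], terminate=True)
LOOSE = ContentPolicy("block-rm-loose", [r"rm"], ["sps-restricted-users"], terminate=True)

# Content policy attached only to the "Session shell" channel type, as in step 2.
CHANNELS = {"session-shell": STRICT}


if __name__ == "__main__":
    for user in ("dario", "alice"):
        for cmd in ("rm -rf /tmp/x", "rmdir /tmp/x", "cat /var/log/alarm.log"):
            print(f"{user:6} {cmd!r:28} strict={evaluate(STRICT, user, cmd)} loose={evaluate(LOOSE, user, cmd)}")
    print("session-exec channel:", evaluate_channel(CHANNELS, "session-exec", "dario", "rm -rf /tmp/x"))
```

The last line of the demo is the check worth keeping in mind when the policy "doesn't work": a content policy selected only under the Session shell type is not consulted for a command sent over another channel type, so the connection's channel policy must list the channel the user is actually opening.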