LDAP Servers in SPS

I am attempting to configure the LDAP Servers in SPS to create a new "content policy" that I want to apply to an Active Directory group. If a user is in the group, they cannot type a specific command, and if a user is not in the group, they can type a specific command. I configured these sections but it doesn't work: policy --> LDAP Servers, policies --> Content policy, SSH Control --> connections and SSH Control --> Channel policy.

If there is a possibility to attach some pictures, I can show all the configurations.

Thank you very much.

  • Hello Dario,

    Can you check the following and see if this works?

    1. Policies > Content Policies > Select Commands radio button
    - Take action if the event contains any of the following strings or expressions: Add the command here

    - Apply this policy only to members of these gateway groups: Add the AD group here

    - Enable the check box: Log + Terminate Connection + any other actions as required

    2. SSH Control > Channel Policies > expand the channel policy > Under Type where Session Shell is selected > Content Policy: Select the content policy created in 1 here

    3. SSH Control > Authentication policies > Create a new LDAP Gateway Authentication policy:
    - Gateway authentication method: Password > Authentication backend: LDAP
    - Relayed authentication methods: can be any of the boxes you need here

    4. SSH Control > Connections > Expand the connection that will be used:

    Select all the policies created above:
    - SSH Setting: can be default for example
    - Authentication policy
    - Channel Policy that has the content policy associated
    - Usermapping policy > in case gateway and remote users are different (for example AD user on Gateway and remote being a local account on target machine)
    - LDAP Server policy

    5. Test again and let us know if any issues?

    Thanks!

  • Hi Tawfiq, first of all thank you so so so much. I followed step by step and everything was done. I only added the authentication policy (creating a new LDAP gateway policy) and set it in SSH --> connection policies under authentication policy. Now when I request a session for an asset, the window that appears asks me for the gateway username and gateway pw, but I want to access automatically with user and pw or SSH key as I set in the entitlements (it depends on the entitlements set for the specific asset). I think that the point is in the authentication policy created. I set:

    - Gateway authentication method : password

    - authentication backend: LDAP

    - relayed authentication methods: password

    If I could send you all the screenshots, maybe it would be perfectly clear what the configuration is.

    (Here I think it is not possible to attach any picture or other.)

    Kind regards
