Authentication: Dedicated AD / LDAP Server Agent
We would like a program(s) that could install directly on our Active Directory or LDAP server that would update the appliance on what user currently has what IP(s). This way their user objects could be automatically kept current without the need of the Client-Agent you offer, and give me super precise control by User.
In some situations we have DHCP on the network, and when we want to have access lists for specific users we have a problem (we don't want to use static entries - DHCP): we don't know who has which IP, so we have a problem. Because we have LDAP, we have all users in the AD, so can we get the information from the users in the AD and make packet filter rules on users no matter who has which IP? Now we can defeat ISA.
Hi Peter, you can accomplish this by installing the Astaro Authentication Agent (Sophos Authentication Agent in UTM9) which will report/update a user object with their current IP after being installed on a workstation. We are working on various improvements to this agent.
Further, we will look at a dedicated server agent for the future as well, which I'll merge this one into.
Peter Mlekus commented
I know that I can do this with the users who are in the Astaro, but can I do this for an AD user who gets authorized over LDAP? I use HTTP proxy and I have groups for the AD. Can I make packet filter rules for these users or groups or not? I can make the packet filter rule, but will it work?
Bob Alfson commented
Peter, if I understand your issue correctly, I think you can do it now. For each user, the Astaro creates a network definition. My username is "balfson" and the Astaro has a definition "balfson (User Network)" that can be used in packet filter rules