08-19-2020 08:30 AM
I am trying to allow Active Directory users members of a security group to log-in as superusers to an InfoBlox appliance. I have performed the following steps:
1) Created a security group in the Actice Directory domain and made my account a member of it (for testing).
2) Created an Active Directory Authentication Service Group with all the domain controllers listed; I enabled the SSL encryption and the test was successful for all the DCs.
3) Created a superuser admin group with exactly the same name as the Active Directory security group.
4) Added the AD Authentication Service Group to the Authentication Policy; I put it first in the list.
5) Added the superuser admin group to the list of "Map the remote admin group to the local group in this order".
After this, I cannot log-in using either my account's SAM account name, UPN account name, or domain\SAM_account_name, and the logs give an error of
to=AdminConnector ip=x.x.x.x info=Admin has no enabled groups apparently_via=GUI
What have I missed something?
David del Campo