Dear All,

I am trying to allow Active Directory users members of a security group to log-in as superusers to an InfoBlox appliance. I have performed the following steps:

1) Created a security group in the Actice Directory domain and made my account a member of it (for testing).

2) Created an Active Directory Authentication Service Group with all the domain controllers listed; I enabled the SSL encryption and the test was successful for all the DCs.

3) Created a superuser admin group with exactly the same name as the Active Directory security group.

4) Added the AD Authentication Service Group to the Authentication Policy; I put it first in the list.

5) Added the superuser admin group to the list of "Map the remote admin group to the local group in this order".

After this, I cannot log-in using either my account's SAM account name, UPN account name, or domain\SAM_account_name, and the logs give an error of

to=AdminConnector ip=x.x.x.x info=Admin has no enabled groups apparently_via=GUI

What have I missed something?

Yours,

David del Campo