Sonicwall / SMA & AD group Membership

meeee
Level 1

We are in the process of trying to reconfigure our Duo 2FA environment / Sonicwall SMA410.

We currently have the Duo / SMA configured using Radius & a Windows 2019 NPS server.
We currently have the routing set up to route across several offices & also each user can currently see the remote desktop bookmark for all offices.
We want to be able to restrict access to the bookmark / routes based on AD group membership. So if a user is a member of 1office group they will see the bookmark and have the ability to route & see the bookmark for that office group.
Is there a way to get our AD groups to apply within the radius/duo setup? Radius tagging could be used but this could get very involved as we have 30+ AD groups.
Is there a way to pass AD group membership via Duo to the SMA?

1 Reply

DuoKristina
Cisco Employee

Is NPS already trying to send the group info back but it gets lost at the Duo proxy? Try setting pass_through_all=true in your radius_client section (more info about that option here). Also add that same option to your radius_server_whatever section if you need attributes passed from your SMA to the proxy to be sent to NPS with the access request.

Duo, not DUO.
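
One way to check where pass_through_all is enabled, as an added example that is not part of the original thread and not Duo's own tooling. It parses a constructed Authentication Proxy config (authproxy.cfg); the hosts, secrets, keys and the radius_server_auto section name are placeholders standing in for "radius_server_whatever".

```python
import configparser

# Constructed authproxy.cfg for illustration; every host, secret and key is a placeholder.
SAMPLE_CFG = """
[radius_client]
host=192.0.2.10
secret=PLACEHOLDER_NPS_SECRET
pass_through_all=true

[radius_server_auto]
ikey=PLACEHOLDER_IKEY
skey=PLACEHOLDER_SKEY
api_host=api-XXXXXXXX.duosecurity.com
radius_ip_1=192.0.2.20
radius_secret_1=PLACEHOLDER_SMA_SECRET
client=radius_client
failmode=secure
"""

def audit_pass_through(cfg_text):
    """Return {section: enabled} for each radius_client*/radius_server_* section."""
    cp = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cp.read_string(cfg_text)
    return {
        name: cp.getboolean(name, "pass_through_all", fallback=False)
        for name in cp.sections()
        if name.startswith(("radius_client", "radius_server_"))
    }

def describe(section, enabled):
    """Explain which direction of attribute flow the setting controls."""
    if section.startswith("radius_client"):
        flow = "NPS reply attributes (e.g. group info) back to the SMA"
    else:
        flow = "SMA request attributes on to NPS"
    return f"[{section}] {'passes' if enabled else 'DROPS'} {flow}"

if __name__ == "__main__":
    for section, enabled in audit_pass_through(SAMPLE_CFG).items():
        print(describe(section, enabled))
```

In this sample the group attributes from NPS reach the SMA, while attributes the SMA sends are not forwarded to NPS because the server section lacks the option.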