Error adding a group into an access policy

GabsC2
Level 1

Good day.

 

I'm configuring an SMA for a WSA. I created the access policy and the identification profiles, added the LDAP server, and when I try to add a group in the identification profiles and Users I receive this error:

 

CN=XX,OU=XX,DC=XX,DC=XX is not a valid entry. Authentication group name cannot start with "builtin\" or contain any of ,;+
 
I'm receiving the groups directly from the LDAP server; I select one from the list the LDAP server sends and receive that error. I don't know if someone has had that error before and knows the reason for the error.

Do any of the 'XX' sections have a comma, plus or semicolon?


No, the only symbols it has are "_"

amojarra
Cisco Employee

Hi @GabsC2 

 

[1] Could you please share the version of WSA and SMA and the configuration master which you are using?

[2] Is there any error in the output of test realm from the GUI?

[3] Please let us know if you get the same error if you configure it directly from WSA.

 

Your error is the same as: CSCur97294 : Bug Search Tool (cisco.com)

but that is an OLD defect. 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

Hi @amojarra 

 

1- 

 

SMA

 

Current Version
===============
Product: Cisco M600V Secure Email and Web Manager
Model: M600V
Version: 14.1.0-227

 

WSA

 

Current Version
===============
Product: Cisco S600V Web security Virtual Appliance
Model: S600V
Version: 14.0.1-053

 

I don't know if this is what you mean about the configuration master

 

14.0 (14.0.1)  Initialized

 

2 - No, all the tests run OK

 

3 - Yes, it happens on both appliances

Thanks @GabsC2

 

 

 

[1] I don't know if this is what you mean about the configuration master 

Yes, thank you, that is exactly what I wanted to check. It is compatible and OK.

 

[2] No, the only symbols it has are "_"

Can you check to see if you get the same error without this symbol?

 

[3]  Yes, it happens on both appliances

You mean if you add that user from SMA and from WSA, you get the same error? If so, I believe it is better to open a TAC case; maybe we need to file a defect. To make sure, we need to check from the back end.

 

 
