Lab Minutes Forum
Technical Discussion => Security => Topic started by: robin on March 31, 2016, 08:09:37 AM
-
Hi MC,
I tried to build the mapping between AD (win2k) and FMC (ver 6.0.1), so I used the User Agent (ver 2.3(10)). I got the successful info from the User Agent (attachment), and I could download the groups and users from Realms. But I got nothing in Analysis --> Users --> Users or User Activity...
Could you give me any ideas to find what is wrong?
Thanks
-
Did you add User Agent as Identity Source and enable user discovery under Discovery?
-
Yes, I have already done with those two.
I did the tcpdump too, and I got the info (attachment).
-
Under Table View of Connection Events is it saying “No Authentication Required?”
I am not sure why it is necessary but removing the source filter from my identity policy resolved the issue.
See https://supportforums.cisco.com/discussion/12743236/firepower-60-initiator-user-showing-no-authenticaton-required for more info.
-
Hi Pacerfan9,
Thanks for the info. My problem is not “No Authentication Required”, it is "Unknown". Now I found the solution: it needs Logon/logoff success to be set in Windows Server.
-
That was the next thing I was gonna ask if you allowed the agent AD account to have access to Windows logon accounting and if you have Windows logon/off accounting turned on. Glad it is working for you now. :)
-
Hi Pacerfan9, this actually might be a solution to my other problem I am dealing with, although in my case the user shows up as unknown regardless of the user being already mapped in the User table. I believe we might have Source IP specified under Identity Policy. Will try to remove it and see what happens. Definitely sounds like a bug.
-
Do you have an Identity policy created and assigned to your access policy?
-
Yes.. The majority of users work but there are a few that still show as unknown even though we know it should have matched the Identity policy.