Posted on 09-17-2012 03:04 AM
Hi,
I'm having problems getting part of a self service policy to work in Casper. I have created a self service policy which needs to be limited to specific user accounts, namely staff, student and support staff. We have got AD login working, but whenever I scope a particular policy to a set of user groups, e.g. all staff, no staff members can see the particular policy.
Does anyone have any idea why this is? Or where the problem could be happening?
Posted on 09-17-2012 06:12 AM
It's probably something in your group mapping in your LDAP binding not lining up with your directory.
Posted on 09-17-2012 07:46 AM
Yes, that's what I think as well. I can apply the policy to specific machine groups and the applications appear in self service. When I try to apply a user group the application no longer appears. This happens when the computer group is or is not applied also!
Posted on 09-17-2012 09:35 AM
You may need something like Apache Directory Studio to have a look at what your AD looks like. It can be a little bit different for each implementation. Also, have a look at how your AD is storing the group's membership attributes. In some cases the group's membership is stored in the group itself. In others, the members of the group have an attribute that lists all the groups that they're a member of. It's up to your implementation. If you can, get the help of the dude or dudette that runs your AD.
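The two membership models described in the post above, as an added example that is not part of the original thread: it resolves a user's groups once from the group objects (`member`) and once from the user object (`memberOf`) and reports where the two views disagree. The LDIF sample, every DN in it and the function names are constructed for illustration; the second user deliberately has no `memberOf` value, as in a directory that records membership only on the group.

```python
# Constructed sample directory export (simple LDIF, no folding or base64).
SAMPLE_LDIF = """\
dn: CN=All Staff,OU=Groups,DC=example,DC=org
objectClass: group
member: CN=Ann Lee,OU=Staff,DC=example,DC=org
member: CN=Bob Roy,OU=Staff,DC=example,DC=org

dn: CN=Ann Lee,OU=Staff,DC=example,DC=org
objectClass: user
memberOf: CN=All Staff,OU=Groups,DC=example,DC=org

dn: CN=Bob Roy,OU=Staff,DC=example,DC=org
objectClass: user
"""

def parse_ldif(text):
    """Parse simple LDIF into {lowercased dn: {lowercased attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def groups_from_group_objects(entries, user_dn):
    """Membership stored on the group: groups whose 'member' lists the user."""
    user_dn = user_dn.lower()  # DNs compared case-insensitively (simplified)
    return sorted(dn for dn, a in entries.items()
                  if user_dn in (m.lower() for m in a.get("member", [])))

def groups_from_user_object(entries, user_dn):
    """Membership stored on the user: the user's own 'memberOf' values."""
    user = entries.get(user_dn.lower(), {})
    return sorted(g.lower() for g in user.get("memberof", []))

def compare_views(entries, user_dn):
    """Show which groups each lookup direction finds for one user."""
    by_group = set(groups_from_group_objects(entries, user_dn))
    by_user = set(groups_from_user_object(entries, user_dn))
    return {"both": sorted(by_group & by_user),
            "group_side_only": sorted(by_group - by_user),
            "user_side_only": sorted(by_user - by_group)}
```

A group mapping that reads the attribute the directory does not populate sees an empty group list for that user, which is the symptom to check for when a user-group scope matches nobody.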
Posted on 09-18-2012 01:35 AM
Thanks Jared! I've managed to wrangle a meeting with our AD guys so fingers crossed it'll be the AD that is the issue!
Cheers!
Posted on 09-19-2012 08:30 AM
I have got it working! Our AD proved not to be the problem; instead, what I needed to enable was in Computer Management Framework Settings>Self Service>End-User Authentication, then ticked Users can log in (Anonymous login is available). It was ticked to Users are not required to log in. This, however, failed to pass through any AD credentials of the user to self service.