Scoping policies to AD groups in Casper 8.6.

CypherCookie
Contributor

Hi,

I'm having problems getting part of a Self Service policy to work in Casper. I have created a Self Service policy which needs to be limited to specific user accounts, namely staff, student and support staff. We have got AD login working, but whenever I scope a particular policy to a set of user groups, e.g. all staff, no staff members can see the particular policy.

Does anyone have any idea why this is? Or where the problem could be happening?

1 ACCEPTED SOLUTION

CypherCookie
Contributor

I have got it working! Our AD proved not to be the problem. Instead, what I needed to enable was in Computer Management Framework Settings > Self Service > End-User Authentication, then ticked "Users can log in (Anonymous login is available)". It was ticked to "Users are not required to log in". This, however, failed to pass through any AD credentials of the user to Self Service.


5 REPLIES

jarednichols
Honored Contributor

It's probably something in your group mapping in your LDAP binding not lining up with your directory.

CypherCookie
Contributor

Yes, that's what I think as well. I can apply the policy to specific machine groups and the applications appear in Self Service. When I try to apply a user group the application no longer appears. This happens when the computer group is or is not applied also!

jarednichols
Honored Contributor

You may need something like Apache Directory Studio to have a look at what your AD looks like. It can be a little bit different for each implementation. Also, have a look at how your AD is storing the group's membership attributes. In some cases the group's membership is stored in the group itself. In others, the members of the group have an attribute that lists all the groups that they're a member of. It's up to your implementation. If you can, get the help of the dude or dudette that runs your AD.
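The two membership layouts described in the reply above, as an added example that is not part of the thread: it checks a user against a group both ways, through the group's `member` attribute and through the user's `memberOf` attribute. The LDIF text, DNs and account names are constructed for illustration, and the parser assumes simple, unfolded `attr: value` lines.

```python
# Added example: constructed directory export, not data from the thread.
SAMPLE_LDIF = """\
dn: CN=All Staff,OU=Groups,DC=example,DC=org
objectClass: group
member: CN=Alice Smith,OU=Staff,DC=example,DC=org
member: CN=Bob Jones,OU=Staff,DC=example,DC=org

dn: CN=Alice Smith,OU=Staff,DC=example,DC=org
objectClass: user
sAMAccountName: asmith
memberOf: CN=All Staff,OU=Groups,DC=example,DC=org

dn: CN=Bob Jones,OU=Staff,DC=example,DC=org
objectClass: user
sAMAccountName: bjones
"""


def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}} for simple LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries


def membership(entries, user_dn, group_dn):
    """Check both storage models; DNs are compared case-insensitively."""
    u, g = user_dn.lower(), group_dn.lower()
    on_group = u in [m.lower() for m in entries.get(g, {}).get("member", [])]
    on_user = g in [m.lower() for m in entries.get(u, {}).get("memberof", [])]
    return {"group_member": on_group, "user_memberOf": on_user}


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    group = "CN=All Staff,OU=Groups,DC=example,DC=org"
    for user in ("CN=Alice Smith,OU=Staff,DC=example,DC=org",
                 "CN=Bob Jones,OU=Staff,DC=example,DC=org"):
        print(user, membership(directory, user, group))
```

A user who shows up under only one of the two keys will be matched or missed depending on which attribute the group mapping queries, which is the mismatch the reply suggests looking for.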

CypherCookie
Contributor

Thanks Jared! I've managed to wrangle a meeting with our AD guys so fingers crossed it'll be the AD that is the issue!

Cheers!
