Support Center > Search Results > SecureKnowledge Details
External User groups are not matched correctly when connecting to SNX Portal
Symptoms
  • External User groups are not matched correctly when connecting to SNX Portal - users get permissions to access resources, which they are not supposed to access.

  • Debug of VPND daemon (per sk89940) shows that the involved user is matched to Generic profile:

    [ PID][Date Time][AU] au_fetchuser_callback(o=0x... user=0x0): start ldap_err=0
    [ PID][Date Time][AU] au_fetch_generic_profile: checking GUP NameofInvolvedProfile-profile for InvolvedUserName
    [ PID][Date Time][AU] au_fetch_generic_profile: checking GUP generic* for InvolvedUserName
    [ PID][Date Time][AU] au_fetchuser_callback(o=0x...): GUP found (InvolvedUserName)
    [ PID][Date Time][AU] au_fetchuser_callback(o=0x...): user obj: (InvolvedUserName
      :AdminInfo (
        :chkpf_uid ("{...}")
        :ClassName (user)
        :table (users)
        :LastModified (
          :Time ("...")
        (-1)
      )
      :destinations (
        : (Any)
      )
      :groups (
        : (NameofGenericProfile
          :type (usrgroup)
    
  • Connection to Mobile Access Portal with the same External User works correctly (user is matched to the correct profile).

Cause

The VPND daemon does not take into account the Domain Name, and matches the user to the <em>Generic*</em> profile.


Solution
Note: To view this solution you need to Sign In .