
Sonicwall / SMA & AD group Membership

meeee
Level 1

We are in the process of trying to reconfigure our Duo 2FA environment / Sonicwall SMA410.

We currently have the Duo / SMA configured using RADIUS & a Windows 2019 NPS server.
We currently have the routing set up to route across several offices & also each user can currently see the remote desktop bookmark for all offices.
We want to be able to restrict access to the bookmark / routes based on AD group membership. So if a user is a member of 1 office group they will see the bookmark and have the ability to route & see the bookmark for that office group.
Is there a way to get our AD groups to apply within the RADIUS/Duo setup? RADIUS tagging could be used but this could get very involved as we have 30+ AD groups.
Is there a way to pass AD group membership via Duo to the SMA?

1 Reply

DuoKristina
Cisco Employee

Is NPS already trying to send the group info back but it gets lost at the Duo proxy? Try setting pass_through_all=true in your radius_client section (more info about that option here). Also add that same option to your radius_server_whatever section if you need attributes passed from your SMA to the proxy to be sent to NPS with the access request.

Duo, not DUO.
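
The option placement described in the reply above, as an added example authproxy.cfg (not part of the original post and not Duo's own sample). The section name radius_server_auto stands in for "radius_server_whatever", and every address, key and secret is a constructed placeholder.

```ini
; Duo Authentication Proxy, authproxy.cfg (constructed example)

; Primary authentication: the proxy forwards requests to NPS.
[radius_client]
; Placeholder address of the Windows NPS server
host=192.0.2.10
; Placeholder shared secret between the proxy and NPS
secret=PLACEHOLDER_NPS_SHARED_SECRET
; Copy RADIUS attributes from the NPS Access-Accept into the
; response the proxy returns to the SMA. Without this, group
; information NPS sends back is dropped at the proxy.
pass_through_all=true

; Listener the SMA authenticates against.
; Assumption: the "auto" server type; use whichever
; radius_server_* section the deployment already has.
[radius_server_auto]
ikey=PLACEHOLDER_INTEGRATION_KEY
skey=PLACEHOLDER_SECRET_KEY
api_host=api-XXXXXXXX.duosecurity.com
; Placeholder address of the SMA appliance and its shared secret
radius_ip_1=192.0.2.20
radius_secret_1=PLACEHOLDER_SMA_SHARED_SECRET
; Use the [radius_client] section above for primary authentication
client=radius_client
port=1812
; Deny access if Duo cannot be reached
failmode=secure
; Only needed in the other direction: forwards attributes from
; the SMA's Access-Request on to NPS.
pass_through_all=true
```

The proxy service has to be restarted for the change to take effect, and NPS must already be returning a group-bearing attribute in its Access-Accept for anything to pass through.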