Access Portal - Issues with RDP/Users Access Setting
Hello,
I've been playing around with the new (to me) Access Portal feature; got SSLVPN set up, custom port, test user/group can use VPN no issues.
For Access Portal, I've configured an SSH connection (works) and a RDC connection to my internal workstation (Windows 10, RDC on standard port) (using NLA only works, everything else gives "Upstream_Not_Found" error).
Obviously, the problem is that in creating an NLA connection, you have to enter login credentials so I thought I would try using the Users Access configuration. However, once I set up connection using:
Authentication Server: Active Directory
Type: User
Name: username (without @domain)
and select the specific RDC connection, I'm no longer able to get to the application landing page after logging in; instead, I am presented with a "No applications for this user" error.
Any ideas what I might be doing incorrectly?
Comments
Did a little more reading & testing; turns out:
User and group names on your Active Directory server are case-sensitive. When you add a user or group to your Firebox, the user or group name must have the same capitalization used in the name on the Active Directory server.
https://www.watchguard.com/help/docs/fireware/12/en-US/Content/en-US/services/access portal/access_portal_config.html
It's been a long week...!
Hi @JeffT
Auth server usernames and groups are case sensitive. If given the choice, I generally recommend that admins use groups, as they'll always return from the auth server the same way, whereas UsEr@domAIN and USER@DOMAIN will both auth, but be treated as different users.
There is a feature request to ignore case in RADIUS groups (that's FBX-3996,) however, at this time I'd suggest picking a convention (like all lower case) for the users to use.
You can see how the user logged in in the authentication list -- it'll display it exactly how the user authenticated when they logged in.
-James Carson
WatchGuard Customer Support