[IAG] Domain users cannot be associated with Internet access policies – multiple domain environments, users with the same name exist
Problem Description
Multiple domain servers are configured on the IAG device authentication server, in different domains (domain names are different, domain A and domain B). Now the Internet access policy test is associated with domain user Zhang San, but it is found that the policy test cannot be associated.
Process——
- The Internet access policy does find the domain user Zhang San in domain A and associates it with the domain user Zhang San. No other restrictions are set.
- The synchronization of domain users in domain A is normal. During the test, it was found that domain B was disabled in the authentication server. Then the account Zhang San could be normally associated with the policy test.
- After careful inspection, it was found that the account Zhang San existed in both domain A and domain B.
Root cause
This is caused by the existence of domain user Zhang San with the same name in domain A and domain B.
solution
IAG currently does not support Internet access policy association for domain accounts with the same name in different domains.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6497&isOpen=true