Active Directory User Authentication

duveng1
Comes here often

Active Directory User Authentication

I'm trying to connect my AD servers to our Mx95 following the guide from Meraki's documentation. We had an issue with a WMI error but a firmware update fixed that and now the Security & SD-Wan > Active Directory is showing green checkmarks for the 4 servers. Problem, we still aren't able to get the web filtering group policies to work in our network. I can see the Security Groups we have configured on our AD Server and they're linked to the Group Policies we set up on the Meraki but logging in to one of our devices for testing shows it isn't blocking the websites that I have listed in the block list.

 

Has anyone run into a similar issue before? I'm not sure where to start troubleshooting this, its as if WMI isn't sending user login records to the Meraki.

5 REPLIES 5
alemabrahao
Kind of a big deal
Kind of a big deal

Have you checked on the logs if the client was authenticated correctly?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Event Viewer seems to show logon and logoff events are occurring. It doesn't show usernames but I can see our computer names.

alemabrahao
Kind of a big deal
Kind of a big deal

So something is wrong as the usernames should show up. Is the issue of the certificate and global catalog really right? Did you ever double-check the settings? 

 

I think it's a good way to start: https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Active_Directory_I...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Actually, looking at it again this morning, I can see usernames/computers for logoff events but logon events show NULL SID: 

Screenshot 2023-03-17 111638.png

 

alemabrahao
Kind of a big deal
Kind of a big deal

Take a look at this:

 

https://morgantechspace.com/2013/10/event-4624-null-sid-repeated-security.html

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels