Page 1 of 1

AD Group Restriction not working

Posted: Thu May 05, 2016 2:51 pm
by cody@fox
I am trying to limit users by AD group. I have added the user directly into the group and made sure it replicated but I get the following error:

Could not authenticate AD user 'johndoe' on domain 'domain.com' : AD user 'johndoe' is not a direct member of required security group 'FTP_Users'

If I remove the group membership requirement AD authentication works normally.

Re: AD Group Restriction not working

Posted: Fri May 06, 2016 9:06 am
by Serin
If you turn on DEBUG mode in the screen logging from the Log page of the Server Manager do you see the expected groups for the AD user listed when you try to login?

Re: AD Group Restriction not working

Posted: Fri May 06, 2016 10:32 am
by cody@fox
I turned on debugging and the log shows the user is only part of 1 group. The user is part of at least 10 groups.

Re: AD Group Restriction not working

Posted: Fri May 06, 2016 11:24 am
by Serin
Turn on "Try Alternate AD group check" on the Advanced page of the Server Manager and try again.

How about after making that change?

Re: AD Group Restriction not working

Posted: Fri May 06, 2016 11:30 am
by cody@fox
I was just able to resolve the issue by having the server run as a domain account instead of local service.

Re: AD Group Restriction not working

Posted: Fri May 06, 2016 12:07 pm
by Serin
Great, that's another option.