Group Mapping in NPS not working

authenticx
OpenVpn Newbie
Posts: 11
Joined: Fri Aug 10, 2018 2:53 pm

Group Mapping in NPS not working

Post by authenticx » Fri Aug 10, 2018 3:01 pm

Hi,
I have a large environment and am trying to map NPS access policies for AD groups to AS groups based on the article here:

https://docs.openvpn.net/configuration/ ... post_auth/

I am sure I have everything correct according to the instructions, so when I connect as a user in a restricted group, I expect to only be able to access the subnets/addresses I defined in the AS group permissions, but I still have access to the entire subnet defined in the VPN settings section of the Access Server admin GUI. I thought, well, maybe when it says "If Group ACLs are desired then those changes should be made in Group/User Permissions" it means this option is to be set to no and it will grant the specifically defined subnets in group permissions, so I tried that. When I connect in this scenario, the only two addresses I can access are the DNS servers I have defined. I am thinking something is missing or isn't clear in the instructions on how to do this. We have over 500 users we need to carve up access for, and creating local users/groups in the Access Server is not an option here. Has anyone actually had success with NPS access policies mapping AD groups to AS groups and getting proper connectivity?

EDIT:
I finally got to where I can confirm the user is being added to the mapped group by authenticating with sAMAccountName rather than UPN; however, the access restriction still isn't applying. Any help is appreciated.

EDIT:
I was able to work this out and it is now working properly.

hobermat
OpenVpn Newbie
Posts: 1
Joined: Mon Sep 24, 2018 5:25 pm

Re: Group Mapping in NPS not working

Post by hobermat » Mon Sep 24, 2018 9:18 pm

Did you figure out what was happening? I am having issues with linking to a group with Admin checked.

authenticx
OpenVpn Newbie
Posts: 11
Joined: Fri Aug 10, 2018 2:53 pm

Re: Group Mapping in NPS not working

Post by authenticx » Tue Nov 20, 2018 9:30 pm

Assign a framed pool in your NPS policy that has the exact name of the group in the OVPNAS server.
