dcinterface - need help!

Created: 14 May 2010 | 1 comment
Luís Ramos

Hi,

I've installed the SWG 8450 in inline mode and everything is working fine.
Now, I want to create policies that deny URLs to only a few people, and I want to do this by AD integration. I've already installed the dc interface on my two domain controllers, but I can't get the user names in the reports, etc.
When configuring policies I specify workgroups; for every LDAP option, for example the LDAP Organizational Unit, the groups (meaning Organizational Units) don't appear. I've tried to put in the baseDN but it still doesn't work. Am I supposed to fill in the baseDN, or should the fields appear automatically?

If in the policies I specify All Computers, it works just fine, but I really need to exclude some Organizational Units, and users explicitly.
Any troubleshooting I can do?

Many thanks,
Luis Ramos 


Sergi Isasi

Luis,

You are on the right track.  You have the two parts required for user/group policies: dcinterface (or NTLM) and configuring the LDAP page.

Some troubleshooting steps:
1) Ensure that the DCinterface service has started on the domain controllers.  It's possible that your DCs are configured not to start new services automatically.  This can most easily be done by checking the services via the Microsoft 'services.msc' application.
2) Once DCinterface is running, check the errorlog.txt file to see if there are any error conditions (http://service1.symantec.com/support/ent-gate.nsf/854fa02b4f5013678825731a007d06af/4555d03502c202ab882576a500646433?OpenDocument)
3) Ensure that the proper logon eventIDs are being logged on your DC.  For Windows 2003, these are typically 540 or 672 event types.  For Windows 2008, I believe it is 4625 and 4768.
4) Ensure your LDAP configuration is set properly.  You do need to populate your baseDN, which is typically just your domain name in most scenarios.  For example if your domain is 'company.com', your baseDN would be 'dc=company,dc=com'.  Also make sure that when you press the 'Test LDAP' button, no errors are given.

Senior Product Manager - Web Gateway
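
The checks from steps 1, 3 and 4 of the reply above, as an added Windows PowerShell example that is not part of the original thread or of the product's own tooling. The display-name pattern `*dcinterface*` is an assumption, `company.com` is the reply's placeholder domain, and the event IDs are the ones quoted in the reply for Windows 2008.

```powershell
# Added example: run on a domain controller in an elevated Windows PowerShell session.
# Assumptions (not from the thread): the service name or display name contains
# "dcinterface"; company.com is the placeholder domain used in the reply.
param(
    [string]$Domain        = 'company.com',
    [string]$ServiceMatch  = '*dcinterface*',  # assumed name pattern
    [int[]] $LogonEventIds = @(4625, 4768),    # IDs quoted in the reply for Windows 2008
    [int]   $Hours         = 1
)

# Step 1: is the service installed, running, and set to start automatically?
$svc = Get-WmiObject Win32_Service |
    Where-Object { $_.Name -like $ServiceMatch -or $_.DisplayName -like $ServiceMatch }
if (-not $svc) {
    Write-Warning "No service matching '$ServiceMatch' was found on $env:COMPUTERNAME"
} else {
    $svc | Select-Object Name, DisplayName, State, StartMode | Format-Table -AutoSize
}

# Step 3: are the logon events actually being written to the Security log?
# A count of 0 for every ID suggests the audit policy is not logging them.
$since = (Get-Date).AddHours(-$Hours)
foreach ($id in $LogonEventIds) {
    $count = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = $id; StartTime = $since
    } -ErrorAction SilentlyContinue).Count
    'Event ID {0,-5}: {1} event(s) in the last {2} hour(s)' -f $id, $count, $Hours
}

# Step 4: build the baseDN from the domain name (company.com -> dc=company,dc=com)
# and list the Organizational Units visible under it.
$baseDN   = ($Domain.Split('.') | ForEach-Object { "dc=$_" }) -join ','
$searcher = New-Object System.DirectoryServices.DirectorySearcher([adsi]"LDAP://$baseDN")
$searcher.Filter   = '(objectClass=organizationalUnit)'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
try {
    $ous = $searcher.FindAll()
    "baseDN '$baseDN' returned $($ous.Count) Organizational Unit(s):"
    $ous | ForEach-Object { $_.Properties['distinguishedname'][0] }
} catch {
    Write-Warning "LDAP query against '$baseDN' failed: $($_.Exception.Message)"
}
```

If the OU list comes back populated here but stays empty in the gateway's policy page, the baseDN itself is valid and the remaining suspects are the gateway's LDAP settings or its bind account.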