4 Replies Latest reply on Nov 3, 2015 11:04 AM by feeeds

    SIEM Local and AD user accounts

    poser

      Hi

       

      We currently using AD for user and admin authentication and we trying to setup use of local account as well for reasons. Noticed when a new user is setup, the SIEM does not differentiate between a local and an AD account and when i do setup the account, the SIEM  attempts to authenticate the new account against AD, even though would want it to be a local account.

       

      Has anyone tried to use a user authentication mixed model of AD and local accounts?

       

      Regards

        • 1. Re: SIEM Local and AD user accounts
          poser

          As a follow up to my question, in addition to local users, is it possible to generally using multiple authentication options ie radius and active directory or has to be one or the other

          • 2. Re: SIEM Local and AD user accounts
            rth67

            From what I recall from several years ago, if you enable AD authentication, the only Local Account will be the default NGCP account, all other accounts will be AD authenticated.

             

            If you can use RADIUS instead of Active Directory, you should be able to pass-thru those accounts that you want AD Authenticated, and create local accounts on the RADIUS server for thsoe who do not have AD credentials.

            1 of 1 people found this helpful
            • 3. Re: SIEM Local and AD user accounts
              poser

              Thanks

               

              Had managed to confirm the same with Mcafee support as well

              • 4. Re: SIEM Local and AD user accounts
                feeeds

                Want to follow up since this is related to accounts.  Has anyone tried to create a non-admin account and add them to groups? We want to create some accounts so a few server admins can only view the events from their servers. When we create the group and assign the user, they are not able to log in. When we go back to the users interface, the group membership is gone. Support is looking into it, just upgraded to MR8 with no difference seen.