the LDIF file should be in that folder in your SMC installation directory. But to clarify, you do not need to modify the schema to be able to use AD users and groups in your firewall policies. Modifying the schema only allows you to set a separate password for AD users through SMC (stored in the sgpassword attribute).
Since you have the authentication working, I assume you have integrated the AD to your SMC i.e. you can browse the users with your Management Client. At that point you can use groups and users in your policies, in either the src/dst or Authentication cells of the rules. Once a user has authenticated to the firewall with a browser or VPN client, their connections can match the rules that include users/groups.
If you wish to match these rules also to users who do not authenticate to the firewall, you would need to install and integrate the McAfee Logon Collector. It collects domain logins from e.g. domain controllers and provides those user-to-IP mappings to the NGFW, so it can match connections to rules with users/groups in src/dst cells.
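As an added illustration of the mechanism described above (not code from the NGFW, SMC or Logon Collector products), the sketch below models how a collector-style user-to-IP map and directory group membership combine to match a connection against rules that name users or groups in their src cell. All names, addresses, groups and rules are constructed, and the mapping TTL and "newest logon on an IP wins" behaviour are assumptions for the example, not documented product behaviour.

```python
"""
Toy model of identity-aware rule matching:
  * logon/logoff events supply user-to-IP mappings (the collector's job),
  * group membership comes from the directory,
  * rules reference users or groups instead of plain source addresses.
All data below is constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass
class LogonEvent:
    ts: int        # epoch seconds
    user: str
    ip: str
    kind: str      # "logon" or "logoff"


@dataclass
class Rule:
    name: str
    src_principals: Set[str]   # user names, group names, or "any"
    dst: str                   # destination object name, or "any"
    action: str


# Constructed directory data (hypothetical groups and users).
GROUPS: Dict[str, Set[str]] = {
    "finance": {"alice", "bob"},
    "it-admins": {"carol"},
}


class IdentityMap:
    """Tracks which user is currently associated with each source IP."""

    def __init__(self, ttl: int = 8 * 3600):
        self.ttl = ttl   # assumed mapping lifetime; stale entries are ignored
        self._by_ip: Dict[str, Tuple[str, int]] = {}

    def apply(self, ev: LogonEvent) -> None:
        if ev.kind == "logon":
            # Newest logon on an IP replaces an earlier one (DHCP reuse, shared host).
            self._by_ip[ev.ip] = (ev.user, ev.ts)
        elif ev.kind == "logoff":
            current = self._by_ip.get(ev.ip)
            if current is not None and current[0] == ev.user:
                del self._by_ip[ev.ip]

    def user_for(self, ip: str, now: int) -> Optional[str]:
        entry = self._by_ip.get(ip)
        if entry is None:
            return None
        user, ts = entry
        if now - ts > self.ttl:
            # Expired mapping: treat the source as unknown rather than
            # letting an old logon keep matching identity rules.
            return None
        return user


def principals_of(user: str) -> Set[str]:
    """The user itself plus every group it belongs to."""
    names = {user}
    for group, members in GROUPS.items():
        if user in members:
            names.add(group)
    return names


def match(rules, idmap: IdentityMap, src_ip: str, dst: str, now: int):
    """First-match rule lookup; unknown users only hit 'any' rules."""
    user = idmap.user_for(src_ip, now)
    principals = principals_of(user) if user else set()
    for r in rules:
        if r.dst not in ("any", dst):
            continue
        if "any" in r.src_principals or principals & r.src_principals:
            return r.name, r.action
    return None, "discard"   # implicit default at the end of the policy


RULES = [
    Rule("finance-to-erp", {"finance"}, "erp-server", "allow"),
    Rule("admins-to-mgmt", {"it-admins"}, "mgmt-net", "allow"),
    Rule("everyone-web", {"any"}, "internet", "allow"),
]

# Constructed logon stream; note the IP reused by a second user.
EVENTS = [
    LogonEvent(1000, "alice", "10.0.0.5", "logon"),
    LogonEvent(1100, "carol", "10.0.0.9", "logon"),
    LogonEvent(1200, "alice", "10.0.0.5", "logoff"),
    LogonEvent(1300, "bob", "10.0.0.5", "logon"),
]


def build_map(events) -> IdentityMap:
    m = IdentityMap()
    for e in sorted(events, key=lambda e: e.ts):
        m.apply(e)
    return m


if __name__ == "__main__":
    idmap = build_map(EVENTS)
    print(match(RULES, idmap, "10.0.0.5", "erp-server", 1400))
    print(match(RULES, idmap, "10.0.0.77", "internet", 1400))
```

The two points worth taking from the model are the ones that bite in practice: a connection from an address the collector has never seen can only match rules whose src cell is not identity-based, and a mapping that is never refreshed or expired will keep attributing traffic to a user who has long since left the host.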
Hi and thanks for your reply.
I can't find the LDIF file in my SMC installation folder... I think the script was removed in the latest version of SMC.
So instead of authenticating users directly with the "User password" method on the LDAP server, we used RADIUS authentication with AD groups and we have deployed the MLC.
This solution seems to be working...
Hi, it seems the file is indeed not there, at least in an SMC 5.9 installation, and maybe the same for a new 5.8 installation too (I only have an upgraded 5.8 installation to check from now). Pure LDAP authentication with LDAP bind is not supported currently; RADIUS and TACACS+ are. No plans for LDAP bind authentication currently that I know of; you can file a product enhancement request for it at https://mcafee.acceptondemand.com if you want. BR, Lauri