Directory Connector FAQs

From UntangleWiki


What about shared IP addresses, like with a Terminal Server?

The Directory Connector works by mapping IP addresses to usernames, so if several users share an IP address, the Directory Connector cannot tell those users apart. In the case of a Terminal Server that uses one shared IP address for all users, Directory Connector cannot attribute any activity going through the Terminal Server to an individual user.

There is some third-party software available that can solve this issue.
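
To find which addresses are affected, the following added example (not Untangle code) models a one-user-per-IP map and flags IPs where different users log on close together, as happens on a Terminal Server. The event format, the 30-minute window and the last-logon-wins behaviour are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon events: "timestamp ip username" (format is an assumption).
SAMPLE_EVENTS = """\
2024-05-01T08:00:05 192.168.1.20 alice
2024-05-01T08:01:10 192.168.1.50 bob
2024-05-01T08:02:30 192.168.1.50 carol
2024-05-01T08:03:00 192.168.1.21 dave
2024-05-01T08:04:45 192.168.1.50 erin
2024-05-01T17:30:00 192.168.1.20 frank
"""

def parse_events(text):
    """Yield (datetime, ip, user) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2].lower()

def build_ip_map(events):
    """One user per IP, last logon wins (assumed): earlier users on that IP are lost."""
    ip_map = {}
    for _, ip, user in sorted(events):
        ip_map[ip] = user
    return ip_map

def shared_ips(events, window=timedelta(minutes=30)):
    """Return {ip: users} for IPs where different users log on within `window`."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, logons in by_ip.items():
        users = set()
        # Compare each logon with the next one on the same IP.
        for (t1, u1), (t2, u2) in zip(logons, logons[1:]):
            if u1 != u2 and t2 - t1 <= window:
                users.update((u1, u2))
        if users:
            flagged[ip] = sorted(users)
    return flagged

if __name__ == "__main__":
    events = list(parse_events(SAMPLE_EVENTS))
    print(build_ip_map(events))   # what a one-user-per-IP map retains
    print(shared_ips(events))     # IPs whose traffic cannot be attributed
```

In the sample data, 192.168.1.20 changes hands hours apart and is not flagged, while 192.168.1.50 is flagged because three users log on within minutes and the map retains only the last one.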

I only see 1000 usernames, but I have more users. Why?

Untangle can read more than 1000 users from AD, but AD must be configured to send more than 1000 users. Run these commands from the command prompt on the AD server to enable AD to send up to 5000 users:

ntdsutil.exe
LDAP policies
Connections
Connect to server addomainname.local
Quit
Set MaxPageSize to 5000
Commit Changes
Quit
Quit

I have followed all the steps and, to the best of my knowledge, installed it correctly. How come the logon script does not work?

One way to see whether your logon script is working is to check the status page, which shows the current user-to-IP map.

If you see no entries after running the script manually or at logon, and Untangle is in bridge mode, verify that your interfaces are not backwards.