Fixing “Error fetching groups” After Upgrade Sourcefire to 6.0

We have just upgraded Sourcefire to 6.0. Did everything go smooth? Well, almost. Some users (me included) are having issues fetching users and groups from Active Directory realm. The error is:

Error fetching groups. Please check your directory configuration and try again.

Like this:

errorfetch

The error does not manifest itself so obviously. We can still download users/groups by clicking Download Now (indicated by red number one on the image bellow), and the task *will* be successful, but when we refresh the retrieved results (red number two icon), we have the error from above.

downloadnow

In the Task Status window, we can see that groups and users are fetched successfully:

success

But still, we cannot refresh them and use them accurately in our policies.

The fix is very easy. We go under our realm configuration, System->Integration->Realm Configuration and we can see the user name that is used to connect to LDAP server(s) and pull the users and groups out. Previous version required it to be in displayed form:

wrong

We can see that the old form is CN=username,OU=someou,DC=domain,DC=tld, and that the Defense Center now wants it to be username@domain.tld, as indicated with the red square. So, the fix is easy: we change the form of the Directory Username field and save our changes:

nonwrong

 

Now, after we save changes, we can refresh our users and groups:

wehavegroups

This should wrap up this issue.

Thanks for reading!

 

Advertisements
This entry was posted in Cisco, FirePOWER, FireSight, Firewall, IPS, Security, Sourcefire and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s