Forum Discussion
Hello, I finally found my mistake, why the iRule never worked. The iRule was only assigned to the access policy in the VPE, but not to the virtual server. After that was solved, the iRule also worked. However, I could only assign a value to each user in the data group. That's why I wrote the iRule as follows:
when ACCESS_POLICY_AGENT_EVENT {
switch [ACCESS::policy agent_id] {
"ui-rdp" {
set dynrdp "notresolvable.net"
set username [ACCESS::session data get session.logon.last.username]
ACCESS::session data set session.assigned.resources.dynrd1 $dynrdp
ACCESS::session data set session.assigned.resources.dynrd2 $dynrdp
switch $username {
User1 {
ACCESS::session data set session.assigned.resources.dynrd1 "Client1"
ACCESS::session data set session.assigned.resources.dynrd2 "Server1"}
User2 {
ACCESS::session data set session.assigned.resources.dynrd1 "Client2"
ACCESS::session data set session.assigned.resources.dynrd2 "Server2"}
UserX {
ACCESS::session data set session.assigned.resources.dynrd1 "ClientX"}
}
}
}
}
I still have 2 problems:
-
even if the client is not resolvable, it will be displayed in the webtop with the name that is not resolvable. Is this possibly a bug in version 13.1, which we use? The function will be described in a Configuration Guide from 11.4
-
I have an RDP with "user defined", if I enter there the IP of a client, on which the access works I get the error message "Your user account is not listed in the RD Gateway's permission list". Does anyone know this error?
Best Regards Tina
- Abdessamad_851Apr 16, 2018Nimbostratus
I think you can still work with data group. Just define all necessary RDPs in a list in each user entry, and then loop that list and assign all rdp resources.
ltm data-group internal myClassName { records { User1 { data "{Client1 Server1}" } User2 { data "{Client2 Server2}" } } type string }
The irule DG part should look like this:
set RDPs [class match -value $username equals myClassName] foreach rdp $RDPs { set rdpIndex [lsearch $RDPs rdp] set dynrdVar "dynrd"$rdpIndex ACCESS::session data set session.assigned.resources.$dynrdVar $rdp }
I didn't test it, so the code might have to be adjusted a little.
regards.