https://live.paloaltonetworks.com/t5/general-topics/user-id-group-mapping-not-pulling-groups/m-p/499710#M105196 <P>Server monitoring is not the same thing as group mapping. You need to configure a group mapping config under the "Group Mapping" tab.</P><P>&nbsp;</P><P>Once configured, you can start with the following command to check the actual status. It might be that there's an issue connecting to the server on LDAP or something.</P><LI-CODE lang="markup">&gt; show user group-mapping state all</LI-CODE><P>&nbsp;</P><P>The useridd log will contain the actual connection attempts to LDAP/LDAPS.</P><LI-CODE lang="markup">&gt; less mp-log useridd.log</LI-CODE><P>&nbsp;</P><P>If you already have a group mapping configured, are you able to browse your LDAP tree from the GUI under your group mapping config -&gt; group include list? If not, you likely have connectivity or authentication issues to LDAP.</P><P>&nbsp;</P><P>If the firewall is actually connecting and you still see 0 groups, you might have the base dn in your LDAP profile set incorrectly. You need to set this either at the root, or to somewhere which is in between the root and where the users and groups are both configured.</P> Sun, 05 Jun 2022 15:50:26 GMT dmifsud 2022-06-05T15:50:26Z https://live.paloaltonetworks.com/t5/general-topics/user-id-group-mapping-not-pulling-groups/m-p/499632#M105188 <P>I have a problem, I'm&nbsp; setting the user ID group mapping, I can pull users, but not groups, I see 0 groups, I restarted the service, no luck, I verified all server monitoring is connected, and traffic is going to DC'd, the PAN-OS is 10.1.5, I have a similar setup in a pair of firewalls that are on pan-os 9.1.13 with no issues, any advice that points me in the right direction is greatly appreciated.</P> Sun, 05 Jun 2022 01:59:36 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-group-mapping-not-pulling-groups/m-p/499632#M105188 HSi-Salem 2022-06-05T01:59:36Z https://live.paloaltonetworks.com/t5/general-topics/user-id-group-mapping-not-pulling-groups/m-p/499710#M105196 <P>Server monitoring is not the same thing as group mapping. You need to configure a group mapping config under the "Group Mapping" tab.</P><P>&nbsp;</P><P>Once configured, you can start with the following command to check the actual status. It might be that there's an issue connecting to the server on LDAP or something.</P><LI-CODE lang="markup">&gt; show user group-mapping state all</LI-CODE><P>&nbsp;</P><P>The useridd log will contain the actual connection attempts to LDAP/LDAPS.</P><LI-CODE lang="markup">&gt; less mp-log useridd.log</LI-CODE><P>&nbsp;</P><P>If you already have a group mapping configured, are you able to browse your LDAP tree from the GUI under your group mapping config -&gt; group include list? If not, you likely have connectivity or authentication issues to LDAP.</P><P>&nbsp;</P><P>If the firewall is actually connecting and you still see 0 groups, you might have the base dn in your LDAP profile set incorrectly. You need to set this either at the root, or to somewhere which is in between the root and where the users and groups are both configured.</P> Sun, 05 Jun 2022 15:50:26 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-group-mapping-not-pulling-groups/m-p/499710#M105196 dmifsud 2022-06-05T15:50:26Z https://live.paloaltonetworks.com/t5/general-topics/user-id-group-mapping-not-pulling-groups/m-p/588409#M117314 <P>The fix it to include the entire path eg., cn=xxxx instead of domain\groupname and that should include the groups.</P> Thu, 30 May 2024 14:59:04 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-group-mapping-not-pulling-groups/m-p/588409#M117314 m-lobo 2024-05-30T14:59:04Z