https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17826#M12983 <HTML><HEAD></HEAD><BODY><P>This is useful information.&nbsp; I can see this working for a single domain but we have multi domains.</P><P></P><P>I suppose I could put a bogus domain name in the RADIUS profile, then at least the authentication attempts will fail and a bad ip-user-mapping will not be created.</P><P style="padding-left: 30px;"><EM>I subsequently tried this but got undesirable results.&nbsp; An authentication request with domain information is passed untouched to the RADIUS server but the resulting ip-user-mapping is created with whatever domain is set in the RADIUS profile.</EM></P><P></P><P>Thanks!&nbsp; Jeff K</P></BODY></HTML> Fri, 17 May 2013 01:35:58 GMT Jeff_K 2013-05-17T01:35:58Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17824#M12981 <HTML><HEAD></HEAD><BODY><P>Our captive portal is configured to use RADIUS (Cisco Secure ACS) to authenticate our AD users. The Cisco ACS will authenticate a user even if they do not include their domain information in the userid string... 'userid' rather than 'domain\userid'.&nbsp; The problem with this is that a user who authenticates with only their userid ends up with a ip-user-mapping that will not match a userid that is pulled in with the User Identification Group Mapping Settings.</P><P></P><P>Our Cisco ACS box does not appear to be able to filter the undesirable ones out.</P><P></P><P>Has anyone dealt with this already?&nbsp; Maybe there is a way to sanitize the input on the Captive portal comfort/login page?</P><P></P><P>Thanks, Jeff K</P></BODY></HTML> Thu, 16 May 2013 19:24:28 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17824#M12981 Jeff_K 2013-05-16T19:24:28Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17825#M12982 <HTML><HEAD></HEAD><BODY><P>Hi Jeff, </P><P>Try adding the domain name in the Radius Profile</P><P>Example:</P><P><IMG alt="Capture.JPG" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/6567_Capture.JPG" width="450" /></P><P></P><P>Also another good reference for similar issue can be seen here</P><P><STRONG><A _jive_internal="true" class="active_link" href="https://live.paloaltonetworks.com/message/27165#27165">https://live.paloaltonetworks.com/message/27165#27165</A></STRONG></P><P><STRONG>Hopefully this helps.</STRONG></P><P><STRONG><BR /></STRONG>Thank you</P></BODY></HTML> Thu, 16 May 2013 21:38:24 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17825#M12982 mbutt 2013-05-16T21:38:24Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17826#M12983 <HTML><HEAD></HEAD><BODY><P>This is useful information.&nbsp; I can see this working for a single domain but we have multi domains.</P><P></P><P>I suppose I could put a bogus domain name in the RADIUS profile, then at least the authentication attempts will fail and a bad ip-user-mapping will not be created.</P><P style="padding-left: 30px;"><EM>I subsequently tried this but got undesirable results.&nbsp; An authentication request with domain information is passed untouched to the RADIUS server but the resulting ip-user-mapping is created with whatever domain is set in the RADIUS profile.</EM></P><P></P><P>Thanks!&nbsp; Jeff K</P></BODY></HTML> Fri, 17 May 2013 01:35:58 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17826#M12983 Jeff_K 2013-05-17T01:35:58Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17827#M12984 <HTML><HEAD></HEAD><BODY><P>In regard to the Captive portal comfort page, it would be great if the user input form script called by &lt;pan_form/&gt; could be modified to include a field to enter the domain ... this would avoid a lot of confusion.&nbsp; Anyone know if this is possible?</P><P>Thanks, Jeff K</P></BODY></HTML> Fri, 17 May 2013 11:42:20 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-users-not-supplying-domain-info/m-p/17827#M12984 Jeff_K 2013-05-17T11:42:20Z