topic Active Directory Users not Authenticating to GP in General Topics

Active Directory Users not Authenticating to GP

rsaber — Mon, 08 Sep 2014 11:54:55 GMT

Hi,

We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.

However, We are trying to configure our GP to authenticate using the AD users. This is not working and we are getting the following error when trying to login:

User is not in allowlist

description contains 'User \'abc\user1\' failed authentication. Reason: User is not in allowlist From: 8.8.8.8

Then invalid user and password

description contains 'User \'abc\user1\' failed authentication. Reason: Invalid username/password From: 8.8.8.8.

We are also regularly receiving this error:

( description contains 'ldap cfg ABC failed to connect to server 1.1.1.1:389, source: 2.2.2.2: Strong(er) authentication required' )

Any suggestions?

Re: Active Directory Users not Authenticating to GP

reaper — Mon, 08 Sep 2014 12:15:44 GMT

It looks like your serverprofile is enabled to use ssl while accessing the non-ssl port

you may need to review the authentication profile and correct the ldap information

it should look a little like this:

Re: Active Directory Users not Authenticating to GP

HULK — Mon, 08 Sep 2014 13:41:26 GMT

Hello Rsaber,

Just for testing, Could you please let us know when the allow list is set to 'all', the authentication succeed or not....? ( instead of defining a specific groups/users).

Thanks

Re: Active Directory Users not Authenticating to GP

GLastra — Mon, 08 Sep 2014 19:35:39 GMT

If you're not using the management server to reach your LDAP could be a service route issue.

LDAP Authentication Fails When Using a User-ID Service Route