https://live.paloaltonetworks.com/t5/general-topics/ad-interation-and-recently-created-user-problem/m-p/27882#M20332 <HTML><HEAD></HEAD><BODY><P>Hello</P><P>You said that the user was not part of any group. As such, have you added that user to the Authentication profile for GP Portal / GW as an individual user there?</P><P>You can do the reset command - as that forces the LDAP server to pull all the users/ groups from the AD again (before its hourly update).</P><P>If you add a new user to a group or to AD, the firewall groups ought to be reset so as to pull any new users / groups on the AD</P></BODY></HTML> Sat, 26 Jul 2014 07:40:58 GMT sjamaluddin 2014-07-26T07:40:58Z https://live.paloaltonetworks.com/t5/general-topics/ad-interation-and-recently-created-user-problem/m-p/27880#M20330 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I'm using user ID with agents on DC. Today I got strange problem.</P><P>I created new user and I try to logon to GP portal and user GP client. Everytime I got in logs invalid username or password.</P><P></P><P>I know:</P><P></P><P>&gt;debug user-id refresh group-mapping all&nbsp; (non-intrusive command)</P><P>This command will only fetch the delta/ difference value from the active directory</P><P>&gt; debug user-id reset group-mapping all&nbsp; (intrusive command)</P><P></P><P>but it's for group, this user doesn't belogs to any of mapped group.</P><P></P><P>How to force refresh this user?</P><P></P><P></P><P>Regards</P><P>SLawek</P></BODY></HTML> Tue, 01 Apr 2014 11:38:47 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-interation-and-recently-created-user-problem/m-p/27880#M20330 _slv_ 2014-04-01T11:38:47Z https://live.paloaltonetworks.com/t5/general-topics/ad-interation-and-recently-created-user-problem/m-p/27881#M20331 <HTML><HEAD></HEAD><BODY><P>Simple GP authentication shouldn't be affected by any refresh.</P><P>If authentication for existing users are working properly (otherwise I would have requested you to check for LDAP conenctivity),</P><P>check what you see in authd logs? </P><P></P><P>Did you try a tcpdump or pcap of the interesting traffic on Palo Alto firewall?</P><P>Did you check on DC for user authentication logs?</P><P></P><P>Possibly this will help you narrow down.</P></BODY></HTML> Tue, 01 Apr 2014 13:40:28 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-interation-and-recently-created-user-problem/m-p/27881#M20331 prb 2014-04-01T13:40:28Z https://live.paloaltonetworks.com/t5/general-topics/ad-interation-and-recently-created-user-problem/m-p/27882#M20332 <HTML><HEAD></HEAD><BODY><P>Hello</P><P>You said that the user was not part of any group. As such, have you added that user to the Authentication profile for GP Portal / GW as an individual user there?</P><P>You can do the reset command - as that forces the LDAP server to pull all the users/ groups from the AD again (before its hourly update).</P><P>If you add a new user to a group or to AD, the firewall groups ought to be reset so as to pull any new users / groups on the AD</P></BODY></HTML> Sat, 26 Jul 2014 07:40:58 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-interation-and-recently-created-user-problem/m-p/27882#M20332 sjamaluddin 2014-07-26T07:40:58Z