https://live.paloaltonetworks.com/t5/general-topics/captive-portal-ldap-authentication-question/m-p/33096#M24254 <HTML><HEAD></HEAD><BODY><P>Thank you. I figured out the issue just now. I had to add the sAMAccountName value for Login Attribute under the LDAP Authentication Profile. </P></BODY></HTML> Mon, 16 Sep 2013 18:16:50 GMT LouisScaringella 2013-09-16T18:16:50Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-ldap-authentication-question/m-p/33094#M24252 <HTML><HEAD></HEAD><BODY><P>Thank you for your time. I have a lab setup with a PA-500 and a Windows 2008 server with Active Directory. I have a single user in the trust zone on the Palo and I am trying to get Captive portal working for User-ID mappings of unknown users. I have my LDAP server profile and I have my user/group mappings working just fine with that, however, when I attempt to use the LDAP authentication profile in Device&gt;User Identification&gt;Captive Portal Settings which references that LDAP server profile, authentication fails.</P><P></P><P>The user does get redirected to the web form and I put the credentials in and it fails to authenticate. When I do a packet capture on the Windows server, I see the LDAP bind request and it is successful. It then appears to be searching the directory and shows a success with 0 results. I am not too familiar with the inner workings of LDAP. Any ideas as to why authentication fails? I know I am entering in the correct username and password because I can login to the test domain I have setup on the host laptop. Does the username have to be in a certain format? I am not user SSL with LDAP in this scenario. </P></BODY></HTML> Mon, 16 Sep 2013 17:19:50 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-ldap-authentication-question/m-p/33094#M24252 LouisScaringella 2013-09-16T17:19:50Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-ldap-authentication-question/m-p/33095#M24253 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>In my opinion You should start with check if you put netbios name of your AD domain in ldap profile.</P><P>This topic could be usefull for You <A href="https://live.paloaltonetworks.com/thread/5050">problem with groups in user-id mapping</A></P><P></P><P>Check also system log for logs related to AD authentication. If You will sure that above is working You can start with Captive Portal</P><P></P><P>ANother thing - Make sure user identification is enabled on the ingress zone - please read <A href="https://live.paloaltonetworks.com/docs/DOC-1040">Troubleshooting Captive Portal </A></P><P></P><P>Regards</P><P>SLawek</P></BODY></HTML> Mon, 16 Sep 2013 18:13:20 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-ldap-authentication-question/m-p/33095#M24253 _slv_ 2013-09-16T18:13:20Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-ldap-authentication-question/m-p/33096#M24254 <HTML><HEAD></HEAD><BODY><P>Thank you. I figured out the issue just now. I had to add the sAMAccountName value for Login Attribute under the LDAP Authentication Profile. </P></BODY></HTML> Mon, 16 Sep 2013 18:16:50 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-ldap-authentication-question/m-p/33096#M24254 LouisScaringella 2013-09-16T18:16:50Z