https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38141#M27945 <HTML><HEAD></HEAD><BODY><P>Which PANOS is running on your box ?</P></BODY></HTML> Tue, 19 Feb 2013 13:21:41 GMT gafrol 2013-02-19T13:21:41Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38135#M27939 <HTML><HEAD></HEAD><BODY><P>We have set up GP to authenticate against an AD server . User group mapping has done and u can pull the users . However, whenever you try to connect with one of the&nbsp; users from the GP client or portal web page ,&nbsp; you get authentication&nbsp; fails message . Connecting with local db works fine . Any ideas ? I saw an article about spaces in the authentication profile . The profile has no space it is called localAD. </P></BODY></HTML> Tue, 19 Feb 2013 11:00:07 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38135#M27939 usvi 2013-02-19T11:00:07Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38136#M27940 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I don't know what the problem with LDAP against AD could be in your case, but for the same purpose I am using a Kerberos Server Profile and a Kerberos Authentiction Profile in order to authenticate GP users against our MS AD. It looks like this</P><P></P><P><IMG alt="Capture.PNG" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/5671_Capture.PNG" width="450" /></P><P></P><P><IMG alt="Capture.PNG" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/5672_Capture.PNG" width="450" /></P><P></P><P>Maybe you can give it a try ?</P><P></P><P>Roland</P></BODY></HTML> Tue, 19 Feb 2013 11:07:59 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38136#M27940 gafrol 2013-02-19T11:07:59Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38137#M27941 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>Upgraded the client to 1.2.1 now localdb doesn't work . I do get the cert error and allow it to import it </P></BODY></HTML> Tue, 19 Feb 2013 11:26:23 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38137#M27941 usvi 2013-02-19T11:26:23Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38138#M27942 <HTML><HEAD></HEAD><BODY><P>Did that and still doesnt work</P></BODY></HTML> Tue, 19 Feb 2013 12:15:21 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38138#M27942 usvi 2013-02-19T12:15:21Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38139#M27943 <HTML><HEAD></HEAD><BODY><P>Take small steps. Does localdb authentication work again ?</P></BODY></HTML> Tue, 19 Feb 2013 12:32:45 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38139#M27943 gafrol 2013-02-19T12:32:45Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38140#M27944 <HTML><HEAD></HEAD><BODY><P>Yes . It does . I had to downgrade to 1.1.6 and use the original cert that was created when the box was deployed . Now I connect using local db , still no AD nor Kerberos connectivity </P></BODY></HTML> Tue, 19 Feb 2013 12:42:13 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38140#M27944 usvi 2013-02-19T12:42:13Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38141#M27945 <HTML><HEAD></HEAD><BODY><P>Which PANOS is running on your box ?</P></BODY></HTML> Tue, 19 Feb 2013 13:21:41 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38141#M27945 gafrol 2013-02-19T13:21:41Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38142#M27946 <HTML><HEAD></HEAD><BODY><P>4.1.8 .&nbsp; Had to call TAC and they got to work . DN binding was incorrect and we missed the samaccountname under ldap authentication&nbsp; profile .</P></BODY></HTML> Tue, 19 Feb 2013 14:58:23 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38142#M27946 usvi 2013-02-19T14:58:23Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38143#M27947 <HTML><HEAD></HEAD><BODY><P>That's why I'm using Kerberos for authentication, it's much easier no fiddling around with bindings and samaccountnames etc.</P></BODY></HTML> Tue, 19 Feb 2013 15:14:40 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38143#M27947 gafrol 2013-02-19T15:14:40Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38144#M27948 <HTML><HEAD></HEAD><BODY><P>I guess , we shall use Kerberos on other deployments</P></BODY></HTML> Tue, 19 Feb 2013 16:55:45 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-authentication-with-ldap-fails/m-p/38144#M27948 usvi 2013-02-19T16:55:45Z