https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5004#M3667 <HTML><HEAD></HEAD><BODY><P>From what I understand you need to make sure that you LDAP attibutes are in the correct case (I could be wrong)</P><P>In your "ldap_test_profile" the login attribute i think should be "sAMAccountName" and not "samaccountname" as displayed.</P><P></P><P>Hope this helps</P></BODY></HTML> Wed, 02 Mar 2011 08:55:07 GMT migration 2011-03-02T08:55:07Z https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5002#M3665 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>for some reason we ( and many other customers ) are still experiencing issues regarding the use of ldap groups in an authenticatin profile for example SSL VPN.</P><P>We have microsoft AD as LDAP server and we went through every step in the well known following document ( eDirectory and LDAP authentication in PANOS 3 1 3.pdf)</P><P></P><P>When we specify a single LDAP user in our authentication profile , we are able to authenticate with that user , but members of LDAP groups are not working as it should be.</P><P>I made a pdf document with printscreens of our configuration ( pdf document attached ). As you can see in the document , the PA is able to read the members of the group.</P><P></P><P></P><P>Please anyone who has good advice for us ( and many other customers ) to make this work ?</P><P></P><P>thanks alot !</P><P></P><P>Securelink support !</P></BODY></HTML> Fri, 04 Feb 2011 09:29:08 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5002#M3665 OCDBE 2011-02-04T09:29:08Z https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5003#M3666 <HTML><HEAD></HEAD><BODY><P>It looks like you are using the 4.0 BETA software. Is this correct?</P><P></P><P>Are you utilizing the SSL VPN client or the Global Protect client? </P><P></P><P>-Benjamin</P></BODY></HTML> Mon, 07 Feb 2011 23:17:29 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5003#M3666 bpappas 2011-02-07T23:17:29Z https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5004#M3667 <HTML><HEAD></HEAD><BODY><P>From what I understand you need to make sure that you LDAP attibutes are in the correct case (I could be wrong)</P><P>In your "ldap_test_profile" the login attribute i think should be "sAMAccountName" and not "samaccountname" as displayed.</P><P></P><P>Hope this helps</P></BODY></HTML> Wed, 02 Mar 2011 08:55:07 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5004#M3667 migration 2011-03-02T08:55:07Z https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5005#M3668 <HTML><HEAD></HEAD><BODY><P>in this case the domain needed to be removed from the ldap config since the domain only needs to be filled in when a panagent is also present</P></BODY></HTML> Wed, 02 Mar 2011 13:22:21 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-groups-not-working/m-p/5005#M3668 reaper 2011-03-02T13:22:21Z