https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67685#M39638 <P>Hi All,</P> <P>&nbsp;</P> <P>I have configured everything correct. But no entry in LDAP server security logs while I try to login paloalto Web UI using LDAP profile.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Here at pan I can retrieve the all group user. I have configured the auth.</P> <P>Profile to 'all' entry in allow list..tried both domain\username(captive portal working fine with this format) and username alone..Pls suggest</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>admin@paloalto&gt; tail follow yes mp-log authd.log</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.826 +0530 debug:</P> <P>pan_auth_request_process(pan_auth_state_engine.c:1537): Trying to</P> <P>authenticate: &lt;profile: "", vsys: "", username "cslworld\paloaltotest"&gt;</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.827 +0530 debug:</P> <P>_get_auth_prof_detail(pan_auth_util.c:928): "cslworld\paloaltotest" is an admin user</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.849 +0530 Error:</P> <P>pan_auth_cache_get_admin_authprof(pan_auth_cache_adminusers.c:222): No default auth profile found for username paloaltotest</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.849 +0530 Error:</P> <P>_get_admin_authentication_profile_by_name(pan_auth_util.c:501): No admin auth prof found with the name paloaltotest</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.849 +0530 Error:</P> <P>_get_admin_authentication_profile(pan_auth_util.c:546): No auth prof/vsys is found for admin user "paloaltotest"</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.849 +0530 Error:</P> <P>pan_get_authprofile_n_setting(pan_auth_util.c:1029): Failed to get authentication profile for admin cslworld\paloaltotest</P> Thu, 05 Nov 2015 08:03:21 GMT Javith 2015-11-05T08:03:21Z https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67685#M39638 <P>Hi All,</P> <P>&nbsp;</P> <P>I have configured everything correct. But no entry in LDAP server security logs while I try to login paloalto Web UI using LDAP profile.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Here at pan I can retrieve the all group user. I have configured the auth.</P> <P>Profile to 'all' entry in allow list..tried both domain\username(captive portal working fine with this format) and username alone..Pls suggest</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>admin@paloalto&gt; tail follow yes mp-log authd.log</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.826 +0530 debug:</P> <P>pan_auth_request_process(pan_auth_state_engine.c:1537): Trying to</P> <P>authenticate: &lt;profile: "", vsys: "", username "cslworld\paloaltotest"&gt;</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.827 +0530 debug:</P> <P>_get_auth_prof_detail(pan_auth_util.c:928): "cslworld\paloaltotest" is an admin user</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.849 +0530 Error:</P> <P>pan_auth_cache_get_admin_authprof(pan_auth_cache_adminusers.c:222): No default auth profile found for username paloaltotest</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.849 +0530 Error:</P> <P>_get_admin_authentication_profile_by_name(pan_auth_util.c:501): No admin auth prof found with the name paloaltotest</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.849 +0530 Error:</P> <P>_get_admin_authentication_profile(pan_auth_util.c:546): No auth prof/vsys is found for admin user "paloaltotest"</P> <P>&nbsp;</P> <P>2015-11-05 12:35:02.849 +0530 Error:</P> <P>pan_get_authprofile_n_setting(pan_auth_util.c:1029): Failed to get authentication profile for admin cslworld\paloaltotest</P> Thu, 05 Nov 2015 08:03:21 GMT https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67685#M39638 Javith 2015-11-05T08:03:21Z https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67698#M39648 <P>Can you share the authentication profile that you have created for the authentication to GUI.</P> Thu, 05 Nov 2015 14:31:30 GMT https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67698#M39648 pankaku 2015-11-05T14:31:30Z https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67796#M39677 <P>Hi Kumar,</P> <P>&nbsp;</P> <P>I have created the auth. profile in device tab with all entry in allow list as per kb.</P> <P>&nbsp;</P> <P>what is the auth. profile in device-&gt;setup tab?..on PAN-OS 7.0.3</P> Sun, 08 Nov 2015 16:20:59 GMT https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67796#M39677 Javith 2015-11-08T16:20:59Z https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67799#M39678 <P>configured as per this KB:&nbsp;<A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/Using-LDAP-to-Authenticate-to-the-Web-UI/ta-p/53445" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/Using-LDAP-to-Authenticate-to-the-Web-UI/ta-p/53445</A></P> Mon, 09 Nov 2015 04:25:34 GMT https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67799#M39678 Javith 2015-11-09T04:25:34Z https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67802#M39680 <P>make sure that the authentication profile has a login attribute "sAMAcount" which is case sensitive, also when you add a new administrator add it only by username that is available in the LDAP server "note that there is no autocompletion" , the firewall will authenticate this user using the LDAP server.</P> Mon, 09 Nov 2015 05:59:54 GMT https://live.paloaltonetworks.com/t5/general-topics/web-ui-authentication-ldap-fails/m-p/67802#M39680 AHlaiel 2015-11-09T05:59:54Z