https://live.paloaltonetworks.com/t5/general-topics/user-to-ip-mapping-with-ldap/m-p/72158#M41006 <P>I have a pa 3020 running 6.0.8 doing LDAP lookups to multiple edir servers,</P> <P>&nbsp;</P> <P>I have many users that PA shows as unknown but when I look on the server I see they are logged in x.x.x.x</P> <P>Why does this work for some but not all?</P> <P>&nbsp;</P> <P>I have done the following:</P> <P>debug user-id refresh user-id agent all</P> <P>debug software restart user-id</P> <P>show user server-monitor state CHS1 (which shows it connected 2 seconds ago)</P> <P>&nbsp;</P> <P>Thanks</P> <P>Tom</P> Thu, 04 Feb 2016 15:19:31 GMT ccboe 2016-02-04T15:19:31Z https://live.paloaltonetworks.com/t5/general-topics/user-to-ip-mapping-with-ldap/m-p/72158#M41006 <P>I have a pa 3020 running 6.0.8 doing LDAP lookups to multiple edir servers,</P> <P>&nbsp;</P> <P>I have many users that PA shows as unknown but when I look on the server I see they are logged in x.x.x.x</P> <P>Why does this work for some but not all?</P> <P>&nbsp;</P> <P>I have done the following:</P> <P>debug user-id refresh user-id agent all</P> <P>debug software restart user-id</P> <P>show user server-monitor state CHS1 (which shows it connected 2 seconds ago)</P> <P>&nbsp;</P> <P>Thanks</P> <P>Tom</P> Thu, 04 Feb 2016 15:19:31 GMT https://live.paloaltonetworks.com/t5/general-topics/user-to-ip-mapping-with-ldap/m-p/72158#M41006 ccboe 2016-02-04T15:19:31Z https://live.paloaltonetworks.com/t5/general-topics/user-to-ip-mapping-with-ldap/m-p/72162#M41007 <P>Unknown comes when you have enable the user identificate on the zone but firewall doesn't have the user-ip mapping for the ip address.</P> <P>&nbsp;</P> <P>Have you configured agentless or agent configuration for user-ip mapping. Make sure you add all the domain controller. Check if you have configured any Included/Exclude list or not.</P> <P>&nbsp;</P> <P>Hope this helps.</P> Thu, 04 Feb 2016 17:20:31 GMT https://live.paloaltonetworks.com/t5/general-topics/user-to-ip-mapping-with-ldap/m-p/72162#M41007 pankaku 2016-02-04T17:20:31Z https://live.paloaltonetworks.com/t5/general-topics/user-to-ip-mapping-with-ldap/m-p/72365#M41067 <P>Make sure the user &nbsp;name which &nbsp; you are using have proper permission &nbsp;to read the log events</P> <P>&nbsp;</P> <P>Try using admin name and credentials to see if that make any change ( if you are not usning admin user )&nbsp;</P> Mon, 08 Feb 2016 14:29:35 GMT https://live.paloaltonetworks.com/t5/general-topics/user-to-ip-mapping-with-ldap/m-p/72365#M41067 tsrivastav 2016-02-08T14:29:35Z