topic Reason: User is not in allowlist in General Topics https://live.paloaltonetworks.com/t5/general-topics/reason-user-is-not-in-allowlist/m-p/177903#M55431 <P><SPAN>User 'steven.williams.da' failed authentication. Reason: User is not in allowlist From: ltdlqq6h2.domain.lan</SPAN></P><P>&nbsp;</P><P>short name: domain\paloaltoadmins<BR />source type: ldap<BR />source: Network_Administrators</P><P>[1 ] domain\steven.williams.da</P><P>&nbsp;</P><P>Authentication profile contains the user group paloaltoadmins using the LDAP server profile. Created user in local admin and addigned it the authetication profile. Still errors. Where can you get more details within a log for this, there has to be something deeper than this generic error.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 20 Sep 2017 17:50:11 GMT s.williams1 2017-09-20T17:50:11Z Reason: User is not in allowlist https://live.paloaltonetworks.com/t5/general-topics/reason-user-is-not-in-allowlist/m-p/177903#M55431 <P><SPAN>User 'steven.williams.da' failed authentication. Reason: User is not in allowlist From: ltdlqq6h2.domain.lan</SPAN></P><P>&nbsp;</P><P>short name: domain\paloaltoadmins<BR />source type: ldap<BR />source: Network_Administrators</P><P>[1 ] domain\steven.williams.da</P><P>&nbsp;</P><P>Authentication profile contains the user group paloaltoadmins using the LDAP server profile. Created user in local admin and addigned it the authetication profile. Still errors. Where can you get more details within a log for this, there has to be something deeper than this generic error.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 20 Sep 2017 17:50:11 GMT https://live.paloaltonetworks.com/t5/general-topics/reason-user-is-not-in-allowlist/m-p/177903#M55431 s.williams1 2017-09-20T17:50:11Z Re: Reason: User is not in allowlist https://live.paloaltonetworks.com/t5/general-topics/reason-user-is-not-in-allowlist/m-p/178015#M55450 <P>So you have group&nbsp;<SPAN>domain\paloaltoadmins in your domain?</SPAN></P><P>&nbsp;</P><P><SPAN>You can use command below to check what Palo thinks in which AD group user is.</SPAN></P><P><SPAN>Maybe you need to edit&nbsp;Device &gt; User Identification &gt; Group Mapping Settings &gt; Group Include List</SPAN></P><P>&nbsp;</P><P>&gt; show user user-ids match-user&nbsp;<SPAN>steven.williams.da</SPAN></P> Thu, 21 Sep 2017 05:01:05 GMT https://live.paloaltonetworks.com/t5/general-topics/reason-user-is-not-in-allowlist/m-p/178015#M55450 Raido_Rattameister 2017-09-21T05:01:05Z