https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-profile-missing-when-trying-to-add/m-p/191527#M57674 <P>Excellent advice! Problem solved!</P><P>&nbsp;</P><P>For the record, I had to recreate my server profile in "shared" and then create a new authentication profile in "shared" as well. Once that was done I was able to create administrators using the "shared profile" and they were able to successfully log in.</P><P>&nbsp;</P><P>Thanks so much for your help!</P> Wed, 13 Dec 2017 14:46:13 GMT jakeevans 2017-12-13T14:46:13Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-profile-missing-when-trying-to-add/m-p/191354#M57654 <P>I have created an authentication profile utilizing a connection to the LDAP servers. When I try to add an Administrator I am unable to select this authentication profile from the drop down menu. All that is available is "none."</P><P>&nbsp;</P><P>I think that my server and authentication profiles are set up correctly as I am able to test the authentication profile using the commend line as follows:</P><P>&nbsp;</P><P>admin@ddc-rt-fw-vpn-q08-2 vsys1&gt; test authentication authentication-profile Auth-LDAP username u0852540 password<BR />Enter password :</P><P>Target vsys: vsys1</P><P>Do allow list check before sending out authentication request...<BR />name "ad\u0852540" is in group "all"</P><P>Authentication to LDAP server at <STRONG>X.X.X.X</STRONG> for user "u0852540"<BR />Egress: <STRONG>X.X.X.X</STRONG><BR />Type of authentication: GSSAPI<BR />Starting LDAPS connection...<BR />Succeeded to create a session with LDAP server<BR />DN sent to LDAP server: CN=u0852540,OU=People,DC=ad,DC=<STRONG>XXX</STRONG>,DC=edu<BR />User expires in days: never</P><P>Authentication succeeded for user "u0852540"</P><P>&nbsp;</P><P>Any thoughts or suggestions would be greatly appreciated.</P><P>&nbsp;</P><P>Thanks!!</P> Tue, 12 Dec 2017 17:26:09 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-profile-missing-when-trying-to-add/m-p/191354#M57654 jakeevans 2017-12-12T17:26:09Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-profile-missing-when-trying-to-add/m-p/191506#M57669 <P>I think you created the authentication profile in vsys1</P> <P>&nbsp;</P> <P>administrators are system level, so they can only use authentication profiles that are 'shared'</P> Wed, 13 Dec 2017 12:12:32 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-profile-missing-when-trying-to-add/m-p/191506#M57669 reaper 2017-12-13T12:12:32Z https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-profile-missing-when-trying-to-add/m-p/191527#M57674 <P>Excellent advice! Problem solved!</P><P>&nbsp;</P><P>For the record, I had to recreate my server profile in "shared" and then create a new authentication profile in "shared" as well. Once that was done I was able to create administrators using the "shared profile" and they were able to successfully log in.</P><P>&nbsp;</P><P>Thanks so much for your help!</P> Wed, 13 Dec 2017 14:46:13 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-authentication-profile-missing-when-trying-to-add/m-p/191527#M57674 jakeevans 2017-12-13T14:46:13Z