https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8622#M6356 <HTML><HEAD></HEAD><BODY><P>Did you ever changed timeout settings on User-id client? If not, then go ahead and change the value to 120 from 45, then commit on user-id client. Reset the connection one more time "<SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #ffffff;">debug user-id reset user-id-agent &lt;name&gt;</SPAN>". And see if mapping is stable.</P><P></P><P><IMG alt="snap_shot.PNG" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/4438_snap_shot.PNG" width="450" /></P></BODY></HTML> Thu, 11 Oct 2012 13:09:05 GMT ssharma 2012-10-11T13:09:05Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8619#M6353 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P>I got a problem when I use captive portal authenticated by user AD</P><P>- First, I install Palo Alto User Agent on AD machine, this job worked fine. On the traffic log of PA, I saw User AD.</P><P>- After that, I configure captive portal on PA and it works too, the user AD no need to login to Captive Portal (CP) and user not in AD must login via CP to use network resources. But after 30 mins, the problem occur some of users already in AD must login via CP to use network resources too. And after one day, all of users AD must login via CP.</P><P>- The PAN OS that I used is 4.1.7 and the User Agent version 4.1.4-3</P><P></P><P></P><P>Anyone met this issue? Any advise? Please help, thank so much.</P></BODY></HTML> Thu, 11 Oct 2012 01:23:42 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8619#M6353 nguyenma 2012-10-11T01:23:42Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8620#M6354 <HTML><HEAD></HEAD><BODY><P>Seems like there is some issue with user to ip-mapping. First check user-id agent status :</P><P></P><P>show user user-id-agent state all</P><P></P><P>Agent: usr_id(vsys: vsys1) Host: &lt;agent-ip&gt;:5007</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Status&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : conn:idle(Connected to &lt;agent-ip&gt;(source: mgt-ip))</P><P></P><P>It should say "connected". Also on the agent, check if you are seeing users and also make sure user-id agent service is running. </P><P></P><P>One of the option that you can try is to reset the connection between user-id agent and firewall :</P><P></P><P>debug user-id reset user-id-agent &lt;name&gt;</P><P></P><P>After above, run "show user ip-user-mapping all". You should all your users. This should resolve your issue. Thanks.</P></BODY></HTML> Thu, 11 Oct 2012 02:12:37 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8620#M6354 ssharma 2012-10-11T02:12:37Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8621#M6355 <HTML><HEAD></HEAD><BODY><P>Thank for your reply,</P><P>I already checked the agent status, it shows "connected". I also reset the connection, it can help but after a period of time, it happen again although the agent status still "connected". I think this is OS bug. Any advise?</P></BODY></HTML> Thu, 11 Oct 2012 05:11:20 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8621#M6355 nguyenma 2012-10-11T05:11:20Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8622#M6356 <HTML><HEAD></HEAD><BODY><P>Did you ever changed timeout settings on User-id client? If not, then go ahead and change the value to 120 from 45, then commit on user-id client. Reset the connection one more time "<SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #ffffff;">debug user-id reset user-id-agent &lt;name&gt;</SPAN>". And see if mapping is stable.</P><P></P><P><IMG alt="snap_shot.PNG" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/4438_snap_shot.PNG" width="450" /></P></BODY></HTML> Thu, 11 Oct 2012 13:09:05 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8622#M6356 ssharma 2012-10-11T13:09:05Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8623#M6357 <HTML><HEAD></HEAD><BODY><P>Thank you very much for your help. I think it stable now <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Thu, 11 Oct 2012 14:07:07 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-captive-portal-authenticated-by-user-ad/m-p/8623#M6357 nguyenma 2012-10-11T14:07:07Z