topic Global protect AD strange issue in General Topics

Global protect AD strange issue

SThatipelly — Thu, 20 Jun 2019 12:43:40 GMT

I have a strange and critical issue. I have Always-on type global protect with cert based username and OTP authentication method on handful of user machines. I have set the captive portal timeout for 0 and enforce network access under portal app settings.

these users each have 2 machines.whenever the user changes his AD password on a different machine, the one with globalprotect doesn't connect to the network and says the connection is unauthenticated. How does GP interfere with user AD creds? As I mentioned earlier, I am using firewall issued certificate and RADIUS based OTP authentication method.

TIA.

Re: Global protect AD strange issue

Mick_Ball — Thu, 20 Jun 2019 15:14:47 GMT

Although you are not using SSO, you could set "Use single sign-on (windows only)" to "No" in your portal app config.

may seem a bit random but it has caused me issues in the past.

Re: Global protect AD strange issue

SThatipelly — Thu, 20 Jun 2019 16:14:38 GMT

@Mick_Ball thank you so much for the suggestion. I am going to try it now. Did this fix your issue?

Re: Global protect AD strange issue

Mick_Ball — Thu, 20 Jun 2019 16:23:56 GMT

it did fix my issue but for a different reason.

after a version update the authentication overide was not working correctly and in the system log on the firewall i could see the AD username failing OTP. the username for the OTP was different to the AD account so thats what gave it away..

I only offer it as a suggestion as this is the only setting I know regarding AD auth...