Configuring User-Id With Radius

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Configuring User-Id With Radius

L1 Bithead

Hello Dear Community,

 

I have a client who wants view user-id users name of the radius server on Palo Alto Logs (Like happens with LDAP Active Directory)

 

The SO of the Radius Server is Windows Server 2008. I saw there is a link on Palo Alto KBs to configure the user-id for Radius users from the Syslog Server:

 

https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/user-id/configure-user-id-to-receive...

 

But in this case, the customer has a Syslog but is not sending the Radius User logging to the Syslog, So I cannot apply this procedure.

 

Are there another form to do this?

 

Regards,

Aitor

8 REPLIES 8

L3 Networker

We use Aruba ClearPass for authentication, and there is a supported solution for integration between ClearPass and PA. Don't know if it's any help for you. It uses XML API.

 

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default...

 

Thanks for your answer.

 

I'm not sure if this will works on Windows Enviroment but atleast It gave me some good ideas to test a connection with the customer and get some data. Maybe with this I can build the necessary solution.

 

Regards,

Aitor

Cyber Elite
Cyber Elite

Hello,

Which RADIUS software are they using? Also does the RADIUS software log to the Security logs on the windows box?

 

Regards,

Hello.

 

Yes, I think they are logging the Radius Logs on Security Events of Windows. That something that I want to try and I am preparing, but i'm not pretty sure about how exactly works in order to configure it. Is on Server Monitoring like an active Directory? They are using the Radius Server also as User-ID agent so I think that is a good option to do it.4

 

Would you have some considerations about this?

 

Thanks!

Aitor

L1 Bithead

Hello,

 

Our environment is the following:

 

-WiFi Users authenticates against RADIUS connecting through Cisco WCS

-RADIUS server is a Windows Server 2008 R2 with NPS services. This Device is also working as user-id Agent

-Saw that users coming from WiFi Networks does not show the User-ID since they are being authenticated agaisnt Radius.

 

Now, the question is: How we can see the user-id names of Wi-Fi users on Palo Alto Logs. I was able to do it on my lab configuring a Radius Authentication Profile and a Radius Server (Windows 2008 R2)

 

The links was very usefull to build my lab, but i'm not sure about if this will work on this enviroment (The users passes for the WCS first)

 

Any Suggestion?

 

Regards,

Aitor

Have a look at this article, particularly the Comments section:

 

https://live.paloaltonetworks.com/t5/Integration-Articles/Use-Syslog-Receiver-to-Integrate-with-Cisc...

 

Ok. That was very usefull. I will check that!

  • 14921 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!