07-27-2018 09:15 AM
8.1.2 platform
LDAP user with a space in the username "john smith@ldap.com"
Auth profile with sAMAccountName working fine for "john smith" tested from cli
GlobalProtect with single factor LDAP auth working fine externally for "john smith"
Auth policy for MFA to duo push working fine for "test.user" but not for "john smith"
Aliases tried but just doesnt work for Duo push when there is a space in the username.
There's no failed auth attempt logged in Duo but you dont get that much logging information from Duo so short of a PCAP, not sure if the problem is Palo not sending the auth request or Duo not liking it.
Anybody else got this working?
I tried creating a local user on lab firewall but it doesnt allow a space in username. Traffic logs will look different since the auth fails somewhere but which log will show if the Palo sends the auth in the same way? Or is it a TLS decrypted PCAP of the API required?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
