Global protect users dont pass authentication

L4 Transporter

Global protect users dont pass authentication

Hello all

we have PA in production.The problem is VPN users dont pass by certain authentication profile.The issue is that when we point user it is ok but when we point some group it fails to authenticate

we test through CLI and that is result

 

test authentication authentication-profile VPN_LDAP username eradmin password
Enter password :
 
Allow list check error:
Target vsys is not specified, user "eradmin" is assumed to be configured with
a shared auth profile.
 
Do allow list check before sending out authentication request...
User eradmin is not allowed with authentication profile VPN_LDAP 

 

This eradmin user is the member of VPN-USERS group.When we point this user separately it is ok but inside the group it fail to authenticate

 

Model is 820

PAN OS- 8.0.7

L7 Applicator

Re: Global protect users dont pass authentication

@Radmin_85,

If you run the command as stated below, switching the info out with your group, does the firewall properly poll the group and display the requesting user? 

show user group name cn=palo--lab-admin-users,ou=groups,ou=lab-enviroment,dc=lab,dc=root,dc=local
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!