Mac Users and User-ID

Reply
Not applicable

Mac Users and User-ID

Is there a way to identify Mac users without turning captive-port on and having them login to get to the web?  We are willing to do a mac address reservation so the user gets the same IP.  We would really like to put this in without any real changes to the users.  Thanks for any help on this.

L4 Transporter

Re: Mac Users and User-ID

You have 3 options for MAC user identification.

1) Captive Portal

2) Install a client that will do AD login

3) Make them connect via SSL VPN and surf through the VPN.

Steve Krall

Highlighted
L4 Transporter

Re: Mac Users and User-ID

I can confirm making them join AD in Snow Leopard works great. We track about 200+ Macs that way.

L4 Transporter

Re: Mac Users and User-ID

Hi Guys,

I am kind of facing the same issue.  Is it possible for you guys to share on how you got it working?  My client is using Snow Leopard version 10.1.6 I reckon (I am not an Apple geek, hence very limited knowledge). The MAC users are turning out as "unknown" users on the User-ID agent.

Any help or guidance on this would be great.

Thanks in advance.

Kind Regards,

Kalyan

L4 Transporter

Re: Mac Users and User-ID

Is there really no other way other than the three options listed? We have an all Mac/Linux environment. It would be impossible to deploy a Windows AD server for this. To have 300+ users log in via a web form each time they want to get on the internet isn't really an option. We'd have the same problems requesting them to all use the SSL VPN as well, especially when they are in the office. Is there not an agent for Linux LDAP/Radius environments? Are there any plans for one?

L7 Applicator

Re: Mac Users and User-ID

You can get User-ID to work with OpenDirectory, but it requires a script using the XML API. That is not supported by Palo Alto Networks support, but it's worth looking at. Essentially you would take login events on your OpenDirectory server and syslog those events. Parse through the data and use the API to send those to the User-ID Agent.

Here's a popular document that a lot of folks are using:

UserID API integration using Syslog

Good luck!

Greg Wesson

L4 Transporter

Re: Mac Users and User-ID

I have had success with using the Exchange log monitor.  Of course that will only work if you have an internal Exchange server.  This is one reason I will not be taking our students to GMail anytime soon.

Bob

L4 Transporter

Re: Mac Users and User-ID

Are the Macs joined to Active Directory?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!