Problems with user mapping

Reply
Highlighted
Not applicable

Problems with user mapping

Hello.

I have a little problem with user-ip mapping i have instaled PAN Agent on a server configured it and started from what i can see it reads security logs and from there maps ip to a user. Those logs presents users as shortdomainname\user. The problem is when device have to compare it to a LDAP mapped groups where users are identified as long.domain.name\user. This way i cant use proper url-fitering using users - group association. is there any way to configure ldap to use shortdomainname or PAN agent to extend shortdoaminname to long.domain.name.

I`m using os 4.1.6 and agent 4.1.4-3.


Accepted Solutions
L5 Sessionator

Re: Problems with user mapping

Hello,

You may have your LDAP server profile configured with the FQDN domain name instead of the NETBIOS name.

The domain field for the LDAP server profile should have the NETBIOS name. Anything in this field gets prepended to the user's name.

For instance, if your domain is testdomain.com, the domain field should be:

testdomain

Here are two great documents to read over for UserID related issues and configuration in 4.1:

https://live.paloaltonetworks.com/docs/DOC-2132

https://live.paloaltonetworks.com/docs/DOC-3120

Please let me know if this helps.

-Jason

View solution in original post


All Replies
L5 Sessionator

Re: Problems with user mapping

Hello,

You may have your LDAP server profile configured with the FQDN domain name instead of the NETBIOS name.

The domain field for the LDAP server profile should have the NETBIOS name. Anything in this field gets prepended to the user's name.

For instance, if your domain is testdomain.com, the domain field should be:

testdomain

Here are two great documents to read over for UserID related issues and configuration in 4.1:

https://live.paloaltonetworks.com/docs/DOC-2132

https://live.paloaltonetworks.com/docs/DOC-3120

Please let me know if this helps.

-Jason

View solution in original post

Highlighted
Not applicable

Re: Problems with user mapping

Yes it worked thank You very much

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!