ldap groups not working

Highlighted
L2 Linker

ldap groups not working

Hello,

for some reason we ( and many other customers ) are still experiencing issues regarding the use of ldap groups in an authenticatin profile for example SSL VPN.

We have microsoft AD as LDAP server and we went through every step in the well known following document ( eDirectory and LDAP authentication in PANOS 3 1 3.pdf)

When we specify a single LDAP user in our authentication profile , we are able to authenticate with that user , but members of LDAP groups are not working as it should be.

I made a pdf document with printscreens of our configuration ( pdf document attached ). As you can see in the document , the PA is able to read the members of the group.

Please anyone who has good advice for us ( and many other customers ) to make this work ?

thanks alot !

Securelink support !

Tags (4)
L6 Presenter

Re: ldap groups not working

It looks like you are using the 4.0 BETA software. Is this correct?

Are you utilizing the SSL VPN client or the Global Protect client?

-Benjamin

L0 Member

Re: ldap groups not working

From what I understand you need to make sure that you LDAP attibutes are in the correct case (I could be wrong)

In your "ldap_test_profile" the login attribute i think should be "sAMAccountName" and not "samaccountname" as displayed.

Hope this helps

Community Manager

Re: ldap groups not working

in this case the domain needed to be removed from the ldap config since the domain only needs to be filled in when a panagent is also present


Help the community: Like helpful comments and mark solutions
Reaper out
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!