12-11-2013 04:36 AM
I have created a new group in Active Directory, but the PAN doesn't show the new security group in the drop down menu (Security Policy Rule -> User.Add) when adding a new policy. Is there something more that I need to do?
12-11-2013 05:55 AM
Please take a look in topic User Groups Seen as Users in Security Policy and new users added to that group are not getting ident...
> debug user-id reset group-mapping all (intrusive command)
This command will query the active directory server to re-build the user-group mappings from scratch.
Regards
Slawek
12-11-2013 06:35 AM
From where do I run this script. Can I run it from the browser interface?
12-11-2013 07:09 AM
Never mind. I ran the script.
01-02-2014 12:09 AM
From PAN 5.0.10 fixes log:
57816—Groups were not displayed in the Allow List dropdown selection of an
Authentication Profile. This was due to changes made for an issue addressed in PAN-
OS 5.0.7 (49237). This issue has been fixed so that groups are displayed in the Allow
List dropdown selection of an Authentication Profile for single-vsys devices.
Regards
SLawek
01-06-2014 01:47 PM
Panos generates a .xml file containing users and groups used by our web front-end for listing purpose.
You can check if your new groups are present in this file with following command:
> less mp-global userinfo.xml
if not, you can try to rebuild the file (!! Disruptive actions !!):
> debug user-id clear group all
> debug software restart user-id
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
