Active Directory help


L0 Member

Hi All,

We received our first PAN 3020 Monday and I have been trying to learn about the product in order to set it up for production. I'm making good progress so far, but I have run into an issue importing AD users. I set up group mapping and I'm able to see groups that were imported, but no users. What am I missing?

Thanks in advance for your help.


L3 Networker

Hello, you need to set up a User-ID agent to collect user > IP mappings. This can be done with the internal User-ID agent built in to the device or by using the external Windows User-ID Agent.

L5 Sessionator

Have you configured IP user mapping as well? Please configure IP user mapping on the firewall, with either the agent or the agentless feature.

You can view the users using the below commands:

>show user group list

This shows the groups that are learnt from the AD

>show user group name <group-name>

This command shows the users associated to that group

BR,

Karthik

L6 Presenter

So you use an agentless system? You configured the User Identification tab/user mapping and enabled user identification on the zone you need?

Currently I'm agentless. I set up the User Mapping and added server monitors for my DCs. I have Group Mapping Settings set up. LDAP is also set up, but when I click on a policy it only shows groups and no users.

Can you verify whether the user mapping shows the user? Use the following command to check:

> show user ip-user-mapping all

If the user is present, can you try manually typing in the username, i.e. the first couple of letters?

I just stumbled into my issue. Under "Server Profiles", "LDAP" I had domain.local in the domain field. So it was listing all of my users as domain.local\username. So when I was trying to find the users they didn't show up as domain\username. Amazing such a problem from one little field.

Thanks for all the help guys.

L4 Transporter

It's because you provided domain.local - change it to domain.

Please read this topic

Regards

Slawek

L5 Sessionator

Hi Jbo,

In the LDAP profile, under domain, it is supposed to be the NetBIOS domain name and not the FQDN. If you specify a wrong NetBIOS domain name then the mapping will be incorrect and policies will not work correctly either. The reason is it appends the NetBIOS domain name you specify when it is mapping the users. Hope that helps.

Thanks

Numan
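
The mismatch described in this thread, as an added example (not part of any post and not Palo Alto Networks code): a small Python check that compares usernames as group mapping lists them with the domain\username form expected elsewhere, and reports accounts whose domain prefix differs. The sample names are constructed, and treating a dot in the prefix as a sign that an FQDN was entered is a heuristic assumption.

```python
# Added illustration; function names and sample data are constructed.

def split_account(name):
    """Split 'domain\\user' into (domain, user), lower-cased; domain is '' if absent."""
    domain, _, user = name.rpartition("\\")
    return domain.lower(), user.lower()

def find_domain_mismatches(group_mapping_names, expected_names):
    """Report users present in both lists whose domain prefix differs."""
    expected = {}
    for name in expected_names:
        domain, user = split_account(name)
        expected.setdefault(user, set()).add(domain)

    findings = []
    for name in group_mapping_names:
        domain, user = split_account(name)
        # Same short name, different prefix: the lookup by domain\user will miss.
        for other in sorted(expected.get(user, set()) - {domain}):
            findings.append({
                "user": user,
                "group_mapping_domain": domain,
                "expected_domain": other,
                # Heuristic (assumption): a dot suggests a DNS name, not NetBIOS.
                "looks_like_fqdn": "." in domain,
            })
    return findings

# Constructed sample: names as listed when the LDAP profile's domain field
# holds "domain.local", next to the domain\username form the poster searched for.
GROUP_MAPPING_NAMES = [r"domain.local\alice", r"domain.local\bob"]
EXPECTED_NAMES = [r"domain\alice", r"domain\bob", r"domain\carol"]

if __name__ == "__main__":
    for f in find_domain_mismatches(GROUP_MAPPING_NAMES, EXPECTED_NAMES):
        hint = " (FQDN in the domain field?)" if f["looks_like_fqdn"] else ""
        print(f"{f['user']}: listed under '{f['group_mapping_domain']}', "
              f"expected '{f['expected_domain']}'{hint}")
```
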
