08-14-2013 09:03 AM
Hi All,
We received our first pan 3020 Monday and I have been trying to learn about the product in order to set it up for production. I'm making good progress so far, but I have run into an issue importing AD users. I set up group mapping and I'm able to see groups that were imported, but no users. What am I missing?
Thanks in advance for your help.
08-14-2013 09:18 AM
Hello, you need to set up a user ID agent to collect user > IP mappings. This can be done with the internal user ID Agent built in to the device or by using the external Windows User ID Agent.
08-14-2013 09:19 AM
Have you configured IP user mapping as well? Please configure IP user mapping on the firewall, with either the agent or the agentless feature.
You can view the users using the below commands:
>show user group list
This shows the groups that are learnt from the AD
>show user group name <group-name>
This command shows the users associated to that group
BR,
Karthik
08-14-2013 09:21 AM
So you use the agentless system? You configured the user identification tab/user mapping and enabled user identification on the zone you need?
08-14-2013 08:08 PM
Currently I'm agentless. I set up the User Mapping and added server monitors for my DCs. I have Group Mapping Settings set up. LDAP is also set up, but when I click on a policy it only shows groups and no users.
08-14-2013 08:18 PM
Can you verify whether the user mapping shows the user? Use the following command to check:
> show user ip-user-mapping all
If the user is present, can you try manually typing in the username, i.e. the first couple of letters?
08-14-2013 08:19 PM
I just stumbled into my issue. Under "Server Profiles", "LDAP" I had domain.local in the domain field. So it was listing all of my users as domain.local\username. So when I was trying to find the users they didn't show up as domain\username. Amazing such a problem from one little field.
Thanks for all the help guys.
08-15-2013 08:21 AM
Hi Jbo,
In the LDAP profile, the domain field is supposed to be the NetBIOS domain name and not the FQDN. If you specify a wrong NetBIOS domain name then the mapping will be incorrect and policies will not work correctly either. The reason is that it appends the NetBIOS domain name you specify when it is mapping the users. Hope that helps.
Thanks
Numan
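The prefix mismatch described in this thread (domain.local\username on one side, domain\username on the other) can be checked offline by comparing the two sets of names. The Python below is an added example, not code from any poster or from Palo Alto Networks; the function names and the sample user lists are constructed, and the lists are plain names that do not reproduce the firewall's CLI output format.

```python
from collections import defaultdict

# Constructed sample data: names as the group mapping would hold them
# (built with the LDAP profile's domain field) and names seen in IP-user mappings.
GROUP_MEMBERS = ["domain.local\\jsmith", "domain.local\\adoe", "domain\\svc-backup"]
IP_MAPPED = ["DOMAIN\\jsmith", "domain\\adoe", "domain\\svc-backup", "domain\\guest"]


def split_name(qualified):
    """Split 'domain\\user' into (domain, user), lower-cased; domain is '' if absent."""
    domain, sep, user = qualified.strip().rpartition("\\")
    return (domain.lower() if sep else ""), user.lower()


def find_domain_mismatches(group_members, ip_mapped_users):
    """Return sorted (user, group_domain, mapped_domain, hint) tuples for accounts
    that exist on both sides but never under the same domain prefix."""
    by_user = defaultdict(set)
    for name in group_members:
        domain, user = split_name(name)
        by_user[user].add(domain)

    findings = set()
    for name in ip_mapped_users:
        mapped_domain, user = split_name(name)
        group_domains = by_user.get(user, set())
        # Skip users with no group entry and users whose prefix already matches.
        if not group_domains or mapped_domain in group_domains:
            continue
        for group_domain in group_domains:
            # A dot in the prefix suggests an FQDN was entered instead of a NetBIOS name.
            hint = "group side looks like an FQDN" if "." in group_domain else "prefix differs"
            findings.add((user, group_domain, mapped_domain, hint))
    return sorted(findings)


if __name__ == "__main__":
    for user, group_domain, mapped_domain, hint in find_domain_mismatches(GROUP_MEMBERS, IP_MAPPED):
        print(f"{user}: group mapping has '{group_domain}', IP mapping has '{mapped_domain}' ({hint})")
```

Any account reported here would not match a policy written against the other form of its name, which is the symptom the original poster hit.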