We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.
However, we are trying to configure our GP to authenticate using the AD users. This is not working and we are getting the following error when trying to log in:
User is not in allowlist
description contains 'User \'abc\user1\' failed authentication. Reason: User is not in allowlist From: 126.96.36.199
Then invalid user and password
description contains 'User \'abc\user1\' failed authentication. Reason: Invalid username/password From: 188.8.131.52.
We are also regularly receiving this error:
( description contains 'ldap cfg ABC failed to connect to server 184.108.40.206:389, source: 220.127.116.11: Strong(er) authentication required' )
It looks like your server profile is enabled to use SSL while accessing the non-SSL port.
You may need to review the authentication profile and correct the LDAP information.
It should look a little like this:
Just for testing, could you please let us know whether the authentication succeeds or not when the allow list is set to 'all' (instead of defining specific groups/users)?
If you're not using the management server to reach your LDAP, it could be a service route issue.