Active Directory Users not Authenticating to GP

L1 Bithead


Hi,

We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.

However, we are trying to configure our GP to authenticate using the AD users. This is not working and we are getting the following error when trying to log in:

User is not in allowlist

description contains 'User \'abc\user1\' failed authentication.  Reason: User is not in allowlist From: 8.8.8.8

Then invalid user and password

description contains 'User \'abc\user1\' failed authentication.  Reason: Invalid username/password From: 8.8.8.8.

We are also regularly receiving this error:

( description contains 'ldap cfg ABC failed to connect to server 1.1.1.1:389, source: 2.2.2.2: Strong(er) authentication required' )

Any suggestions?

Allowlist.jpg

L7 Applicator

Re: Active Directory Users not Authenticating to GP

Hi

It looks like your server profile is enabled to use SSL while accessing the non-SSL port.

You may need to review the authentication profile and correct the LDAP information.

It should look a little like this:

2014-09-08_14-15-20.png

reaper - PANgurus.com
I drink and I know things
L7 Applicator

Re: Active Directory Users not Authenticating to GP

Hello Rsaber,

Just for testing, could you please let us know whether the authentication succeeds when the allow list is set to 'all' (instead of defining specific groups/users)?

Thanks

L1 Bithead

Re: Active Directory Users not Authenticating to GP

If you're not using the management server to reach your LDAP, it could be a service route issue.

LDAP Authentication Fails When Using a User-ID Service Route
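
A small triage script for the three log messages quoted in this thread, added here as an example and not posted by any participant or taken from PAN-OS: it parses the messages, labels the LDAP port, and marks user failures that occur while the LDAP server profile itself cannot bind. The function name, field names and sample lines are constructed for illustration.

```python
import re

# Constructed sample: the three log descriptions quoted in the thread above.
SAMPLE_LOG = [
    r"User 'abc\user1' failed authentication.  Reason: User is not in allowlist From: 8.8.8.8",
    r"User 'abc\user1' failed authentication.  Reason: Invalid username/password From: 8.8.8.8.",
    "ldap cfg ABC failed to connect to server 1.1.1.1:389, source: 2.2.2.2: "
    "Strong(er) authentication required",
]

IP = r"\d+(?:\.\d+){3}"
AUTH_RE = re.compile(
    r"User \\?'(?P<user>[^']+?)\\?' failed authentication\.\s+"
    r"Reason: (?P<reason>.+?) From: (?P<src>" + IP + ")")
LDAP_RE = re.compile(
    r"ldap cfg (?P<profile>\S+) failed to connect to server "
    r"(?P<server>" + IP + r"):(?P<port>\d+), source: (?P<source>" + IP + r"): (?P<error>.+)")

# Well-known LDAP ports; anything else is reported as non-standard.
PORTS = {"389": "LDAP (cleartext or StartTLS)", "636": "LDAPS (SSL/TLS)"}

def triage(lines):
    """Return findings ordered so backend (LDAP) problems come before user failures."""
    ldap, auth = [], []
    for line in lines:
        m = LDAP_RE.search(line)
        if m:
            d = m.groupdict()
            d["transport"] = PORTS.get(d["port"], "non-standard port")
            # LDAP result code 8, strongerAuthRequired (RFC 4511), is commonly rendered as this text.
            d["bind_protection_rejected"] = "Strong(er) authentication" in d["error"]
            ldap.append(("ldap_backend", d))
            continue
        m = AUTH_RE.search(line)
        if m:
            d = m.groupdict()
            kind = "allowlist" if "allowlist" in d["reason"] else "credentials"
            auth.append((kind, d))
    # With the LDAP profile failing to bind, user failures may be a symptom, not a cause.
    backend_down = bool(ldap)
    return ldap + [(k, dict(d, check_ldap_first=backend_down)) for k, d in auth]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, detail)
```
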
