Active Directory Users not Authenticating to GP


L1 Bithead

Hi,

We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.

However, we are trying to configure our GP to authenticate using the AD users. This is not working and we are getting the following error when trying to log in:

User is not in allowlist

description contains 'User \'abc\user1\' failed authentication.  Reason: User is not in allowlist From: 8.8.8.8

Then invalid user and password

description contains 'User \'abc\user1\' failed authentication.  Reason: Invalid username/password From: 8.8.8.8.

We are also regularly receiving this error:

( description contains 'ldap cfg ABC failed to connect to server 1.1.1.1:389, source: 2.2.2.2: Strong(er) authentication required' )

Any suggestions?

Allowlist.jpg

3 REPLIES

Cyber Elite

Hi

It looks like your server profile is enabled to use SSL while accessing the non-SSL port.

You may need to review the authentication profile and correct the LDAP information.

It should look a little like this:

2014-09-08_14-15-20.png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L7 Applicator

Hello Rsaber,

Just for testing, could you please let us know whether the authentication succeeds when the allow list is set to 'all' (instead of defining specific groups/users)?

Thanks

L1 Bithead

If you're not using the management server to reach your LDAP, it could be a service route issue.

LDAP Authentication Fails When Using a User-ID Service Route
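
An added example, not part of any post in this thread: a small Python parser that turns the three log messages quoted in the question into structured events and attaches the follow-up check the replies suggest for each. The sample lines are constructed from the question's text, and the function and field names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: the three log descriptions quoted in the question.
SAMPLE_LOG = [
    r"User \'abc\user1\' failed authentication.  Reason: User is not in allowlist From: 8.8.8.8",
    r"User \'abc\user1\' failed authentication.  Reason: Invalid username/password From: 8.8.8.8.",
    "ldap cfg ABC failed to connect to server 1.1.1.1:389, source: 2.2.2.2: "
    "Strong(er) authentication required",
]

AUTH_RE = re.compile(
    r"User \\?'(?P<user>.+?)\\?' failed authentication\.\s+"
    r"Reason: (?P<reason>.+?) From: (?P<src>\d+(?:\.\d+){3})")
LDAP_RE = re.compile(
    r"ldap cfg (?P<profile>\S+) failed to connect to server (?P<server>[\d.]+):"
    r"(?P<port>\d+), source: (?P<src>[\d.]+): (?P<error>[^']+)")

# Follow-up checks taken from the replies in this thread, keyed by message.
NEXT_CHECK = {
    "User is not in allowlist": "retest with the allow list set to 'all'",
    "ldap": "compare the server profile's SSL setting with the port; "
            "check the service route used to reach LDAP",
}

def parse_line(line):
    """Turn one log description into a structured event, or None if unknown."""
    m = AUTH_RE.search(line)
    if m:
        ev = {"kind": "auth_failure", **m.groupdict()}
        ev["next_check"] = NEXT_CHECK.get(ev["reason"])  # None: thread has no hint
        return ev
    m = LDAP_RE.search(line)
    if m:
        ev = {"kind": "ldap_connect_failure", **m.groupdict()}
        ev["port"] = int(ev["port"])
        ev["cleartext_port"] = ev["port"] == 389  # 389 = LDAP, 636 = LDAPS
        ev["next_check"] = NEXT_CHECK["ldap"]
        return ev
    return None

def triage(lines):
    """Parse all lines and count failures per (kind, subject, reason)."""
    events = [ev for ev in map(parse_line, lines) if ev]
    counts = Counter(
        (ev["kind"], ev.get("user") or ev["profile"], ev.get("reason") or ev["error"])
        for ev in events)
    return events, counts

if __name__ == "__main__":
    for ev in triage(SAMPLE_LOG)[0]:
        print(ev["kind"], ev.get("user") or ev["profile"], "->", ev["next_check"])
```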
