09-08-2014 04:54 AM
Hi,
We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.
However, we are trying to configure our GP to authenticate using the AD users. This is not working, and we are getting the following error when trying to log in:
User is not in allowlist
description contains 'User \'abc\user1\' failed authentication. Reason: User is not in allowlist From: 8.8.8.8
Then invalid user and password
description contains 'User \'abc\user1\' failed authentication. Reason: Invalid username/password From: 8.8.8.8.
We are also regularly receiving this error:
( description contains 'ldap cfg ABC failed to connect to server 1.1.1.1:389, source: 2.2.2.2: Strong(er) authentication required' )
Any suggestions?
09-08-2014 05:15 AM
Hi
It looks like your server profile is enabled to use SSL while accessing the non-SSL port.
You may need to review the authentication profile and correct the LDAP information.
It should look a little like this:
09-08-2014 06:41 AM
Hello Rsaber,
Just for testing, could you please let us know whether the authentication succeeds when the allow list is set to 'all' (instead of defining specific groups/users)?
Thanks
09-08-2014 12:35 PM
If you're not using the management server to reach your LDAP, it could be a service route issue.
LDAP Authentication Fails When Using a User-ID Service Route