AD integration and recently created user - problem


L4 Transporter

Hello

I'm using User-ID with agents on the DC. Today I got a strange problem.

I created a new user and I tried to log on to the GP portal and use the GP client. Every time, I got "invalid username or password" in the logs.

I know:

> debug user-id refresh group-mapping all  (non-intrusive command)

This command will only fetch the delta/difference value from Active Directory.

> debug user-id reset group-mapping all  (intrusive command)

but that's for groups; this user doesn't belong to any of the mapped groups.

How do I force a refresh of this user?

Regards

SLawek

2 REPLIES

L3 Networker

Simple GP authentication shouldn't be affected by any refresh.

If authentication for existing users is working properly (otherwise I would have asked you to check LDAP connectivity), check what you see in the authd logs.

Did you try a tcpdump or pcap of the interesting traffic on the Palo Alto firewall?

Did you check on the DC for user authentication logs?

Possibly this will help you narrow down.

L4 Transporter

Hello

You said that the user was not part of any group. As such, have you added that user to the Authentication profile for GP Portal / GW as an individual user there?

You can do the reset command, as that forces the LDAP server to pull all the users/groups from the AD again (before its hourly update).

If you add a new user to a group or to AD, the firewall groups ought to be reset so as to pull any new users/groups on the AD.
