12-21-2018 09:02 AM
Wondering if anyone has successfully integrated ADSSP Cached Credential Updating with PAN VPN and GlobalProtect client.
Have tried to find command line references for the GP client but am coming up blank.
ADSSP needs to call the VPN connection during a password reset so that it can update cached credentials for a remote user.
01-11-2019 01:37 PM
So far, no.
In my testing with ManageEngine devs, we have not been able to find a command that will initiate a user connection.
ManageEngine concluded GP doesnt support command line mode
My fallback is to set up PAN Pre-Logon which is of course a certificate based session, and will turn cached credential updating into a two-step process for remote users. One to initiate the pre-logon VPN, and two to complete the password change with the GINA client. The user should then be able to logon and switch the GP client to a user session.
I would think pre-logon could be automated via CLI since there is no user info involved. Perhaps someone will have an answer for that.
There is an OpenConnect client user build floating around that supports command line session initiation with PAN-OS, however I cannot install unofficial clients on our machines so it doesnt help my use case.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
