Agentless User-ID

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Agentless User-ID

L1 Bithead

Hi,

I am having issues with getting the user-mappings after configuring the PAN as an agentless user-id with an AD. I have followed all the steps in this document

-> https://live.paloaltonetworks.com/docs/DOC-4332.

All are good except that when I run the CLI command  > show user ip-user-mapping all

6 REPLIES 6

Ldap server is required for getting group-mappings.

Can you confirm if user-identification is enabled for the zone you wanted to see mapping?

Suhaimi,

No, Ldap server is configuration is required to pull user-group mappings, not in this case. If you're sure about the service account privileges(Be sure the user is part of the Distributed COM Users, Server Operators and Event Log Readers groups.), can you ensure the status of the AD shows up as 'Connected' on the firewall?

uid.PNG

You can run the following command to check the statistics as well-

> show user server-monitor state all

> show user server-monitor statistics

Also, please ensure the firewall is connected to all the DC's the users are logging on to. User-ip-mappings are retrieved by the firewall by reading successful logon events from the security logs on DC. You can run 'set l' on the windows command prompt and that will show the DC user is logging onto. If all this is in place, looking at the userid debug logs should help.

> debug user-id on debug

> debug user-id set userid servermonitor

> debug user-id set userid basic

> debug user-id log-ip-user-mapping yes

> tail follow yes mp-log useridd.log

To turn these off-

> debug user-id log-ip-user-mapping no

> debug user-id unset all

>debug user-id on info

This will be a helpful document for you:

https://live.paloaltonetworks.com/docs/DOC-5662

Hope that helps,

Aditi

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!