04-09-2014 02:11 AM
What is the recommended way to connect a PA box to a windows domain?
I see know there is a radius way of doing it, and i know this is the way other like to configure it.
But there is alot more work configuring, and reconfiguring if i want to change/add any groups or access.
Is there a reason we should not use Kerberos or LDAP?
04-10-2014 01:07 AM
I recomendate to start from https://live.paloaltonetworks.com/docs/DOC-6591
I'm using agent User-id like most of us, so for start I recomendate this option.
04-10-2014 02:04 AM
That describes the LDAP way, and this is the way i have testet the most.
The reason for connecting to a domain is to authenticate users for GlobalProtect, and to give access to different resources from domain groups.
04-10-2014 04:05 AM
Yes, but why You think about other posibilities if You are using Microsoft AD?
Radius/Kerberos IMHO is dedicated in tother scenario.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!