Best or recommended way to connect PA to Windows Domain

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Best or recommended way to connect PA to Windows Domain

L1 Bithead

What is the recommended way to connect a PA box to a windows domain?

I see know there is a radius way of doing it, and i know this is the way other like to configure it.

But there is alot more work configuring, and reconfiguring if i want to change/add any groups or access.

Is there a reason we should not use Kerberos or LDAP?


L4 Transporter


I recomendate to start from

I'm using agent User-id like most of us, so for start I recomendate this option.



That describes the LDAP way, and this is the way i have testet the most.

The reason for connecting to a domain is to authenticate users for GlobalProtect, and to give access to different resources from domain groups.

Yes, but why You think about other posibilities if You are using Microsoft AD?

Radius/Kerberos IMHO is dedicated in tother scenario.



  • 3 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!