10-03-2012 12:22 AM
Hi,
I've installed a new PA-500 device. I've also installed the UID-Agent and it's communicating with the Palo Alto because:
"show user ip-user-mapping" return results with many users
on monitor tab I have the users displayed
on acc tab i also statistics with users
But when i want to create rules and add a user it doesn't show any user available.
10-03-2012 12:30 AM
You need to setup the LDAP aswell for the configuration to be able to see which users and groups you have.
10-03-2012 12:37 AM
After setting up LDAP, please verify the presence of a functioning Group Mapping configuration under Device > User Identification > Group Mapping Settings
This configuration should contain a functioning LDAP server profile assigned to the relevant virtual system with available groups
Regards
Parth
10-03-2012 02:30 AM
In 4.1 user Id user to group mappings are performed using LDAP and the agent performs only user to ip mappings.
Try the following :-
admin@PA> debug user-id reset user-id-manager type all
admin@PA>configure
admin@PA#commit force
admin@PA#exit
admin@PA>debug software restart user-id
Wait for a minute and try to see if you can fetch the users in the security policy.
Regards
Parth
10-03-2012 02:55 AM
I just need user to ip mapping so no need to configure LDAP Server.
I tried the following :
admin@PA> debug user-id reset user-id-manager type all
admin@PA>configure
admin@PA#commit force
admin@PA#exit
admin@PA>debug software restart user-id
but it didn't change anything.
I'll reboot the firewall in 30 minutes.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
