This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cannot create rules based on users

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cannot create rules based on users

licenselu
L4 Transporter

‎10-03-2012 12:22 AM

Hi,

I've installed a new PA-500 device. I've also installed the UID-Agent and it's communicating with the Palo Alto because:

"show user ip-user-mapping" return results with many users

on monitor tab I have the users displayed

on acc tab i also statistics with users

But when i want to create rules and add a user it doesn't show any user available.

Labels:
0 Likes Likes
6 REPLIES 6

mikand
L6 Presenter

‎10-03-2012 12:30 AM

You need to setup the LDAP aswell for the configuration to be able to see which users and groups you have.

ppatel
L4 Transporter

‎10-03-2012 12:37 AM

After setting up LDAP, please verify the presence of a functioning Group Mapping configuration under Device > User Identification > Group Mapping Settings

This configuration should contain a functioning LDAP server profile assigned to the relevant virtual system with available groups


Regards

Parth

licenselu
L4 Transporter

‎10-03-2012 02:16 AM

Normally it sould work without configuring the LDAP server.

I've many customer that haven't configured any LDAP server and it's working.

0 Likes Likes

ppatel
L4 Transporter
In response to licenselu

‎10-03-2012 02:30 AM

In 4.1 user Id user to group mappings are performed using LDAP and the agent performs only user to ip mappings.

Try the following :-

admin@PA> debug user-id reset user-id-manager type all

admin@PA>configure

admin@PA#commit force

admin@PA#exit

admin@PA>debug software restart user-id


Wait for a minute and try to see if you can fetch the users in the security policy.


Regards

Parth

licenselu
L4 Transporter
In response to ppatel

‎10-03-2012 02:55 AM

I just need user to ip mapping so no need to configure LDAP Server.

I tried the following :

admin@PA> debug user-id reset user-id-manager type all

admin@PA>configure

admin@PA#commit force

admin@PA#exit

admin@PA>debug software restart user-id


but it didn't change anything.


I'll reboot the firewall in 30 minutes.

0 Likes Likes

licenselu
L4 Transporter

‎10-03-2012 03:37 AM

The reboot didn't change anything.

0 Likes Likes
  • 2735 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks