Thank you for your time. I have a lab setup with a PA-500 and a Windows 2008 server with Active Directory. I have a single user in the trust zone on the Palo and I am trying to get Captive portal working for User-ID mappings of unknown users. I have my LDAP server profile and I have my user/group mappings working just fine with that, however, when I attempt to use the LDAP authentication profile in Device>User Identification>Captive Portal Settings which references that LDAP server profile, authentication fails.
The user does get redirected to the web form and I put the credentials in and it fails to authenticate. When I do a packet capture on the Windows server, I see the LDAP bind request and it is successful. It then appears to be searching the directory and shows a success with 0 results. I am not too familiar with the inner workings of LDAP. Any ideas as to why authentication fails? I know I am entering in the correct username and password because I can login to the test domain I have setup on the host laptop. Does the username have to be in a certain format? I am not user SSL with LDAP in this scenario.
Solved! Go to Solution.
In my opinion You should start with check if you put netbios name of your AD domain in ldap profile.
This topic could be usefull for You problem with groups in user-id mapping
Check also system log for logs related to AD authentication. If You will sure that above is working You can start with Captive Portal
ANother thing - Make sure user identification is enabled on the ingress zone - please read Troubleshooting Captive Portal
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!