Captive Portal -- LDAP Authentication Question


Thank you for your time. I have a lab setup with a PA-500 and a Windows 2008 server with Active Directory. I have a single user in the trust zone on the Palo and I am trying to get Captive portal working for User-ID mappings of unknown users. I have my LDAP server profile and I have my user/group mappings working just fine with that, however, when I attempt to use the LDAP authentication profile in Device>User Identification>Captive Portal Settings which references that LDAP server profile, authentication fails.

The user does get redirected to the web form and I put the credentials in and it fails to authenticate. When I do a packet capture on the Windows server, I see the LDAP bind request and it is successful. It then appears to be searching the directory and shows a success with 0 results. I am not too familiar with the inner workings of LDAP. Any ideas as to why authentication fails? I know I am entering the correct username and password because I can log in to the test domain I have set up on the host laptop. Does the username have to be in a certain format? I am not using SSL with LDAP in this scenario.


Accepted Solutions

Thank you. I figured out the issue just now. I had to add the sAMAccountName value for Login Attribute under the LDAP Authentication Profile.

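The symptom and fix above (a successful bind, then a search that succeeds with 0 results until the Login Attribute is set to sAMAccountName) can be reproduced with a small model. This is an added example, not code from the original thread or from the vendor; it assumes the common LDAP search-then-bind flow, and every DN, account and password in it is constructed sample data.

```python
# Added example: in-memory model of LDAP search-then-bind authentication.
# All DNs, account names and passwords are constructed sample data.
SERVICE_DN = "CN=svc-ldap,CN=Users,DC=lab,DC=example"
DIRECTORY = [
    {"dn": "CN=Jane Doe,CN=Users,DC=lab,DC=example", "password": "Passw0rd!",
     "attrs": {"cn": "Jane Doe", "sAMAccountName": "jdoe"}},
    {"dn": SERVICE_DN, "password": "bind-secret",
     "attrs": {"cn": "svc-ldap", "sAMAccountName": "svc-ldap"}},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input stays a literal value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_filter(login_attr, username):
    """The filter that would appear in the searchRequest of a packet capture."""
    return f"({login_attr}={escape_filter_value(username)})"

def search(login_attr, username):
    """Case-insensitive equality match; returns the DNs of matching entries."""
    hits = []
    for entry in DIRECTORY:
        attrs = {k.lower(): v.lower() for k, v in entry["attrs"].items()}
        if attrs.get(login_attr.lower()) == username.lower():
            hits.append(entry["dn"])
    return hits

def simple_bind(dn, password):
    """Reject empty passwords: an empty simple bind is not proof of identity."""
    return bool(password) and any(
        e["dn"] == dn and e["password"] == password for e in DIRECTORY)

def authenticate(login_attr, username, password):
    """Return (result, search_filter) for one login attempt."""
    if not simple_bind(SERVICE_DN, "bind-secret"):       # step 1: service bind
        return "service-bind-failed", None
    flt = build_filter(login_attr, username)
    hits = search(login_attr, username)                   # step 2: locate user
    if len(hits) != 1:                                    # 0 results or ambiguous
        return ("no-such-user" if not hits else "ambiguous"), flt
    ok = simple_bind(hits[0], password)                   # step 3: bind as user
    return ("ok" if ok else "bad-password"), flt

if __name__ == "__main__":
    for attr in ("uid", "sAMAccountName"):
        print(attr, authenticate(attr, "jdoe", "Passw0rd!"))
```

With the attribute set to `uid`, the correct password never gets tested because the search step finds no entry, which matches the "success with 0 results" seen in the capture.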


All Replies

Hi

In my opinion you should start by checking whether you put the NetBIOS name of your AD domain in the LDAP profile.

This topic could be useful for you: problem with groups in user-id mapping

Also check the system log for logs related to AD authentication. If you are sure that the above is working, you can start with Captive Portal.

Another thing: make sure user identification is enabled on the ingress zone. Please read Troubleshooting Captive Portal.

Regards

SLawek
