This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Command user group name not working

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Command user group name not working

BigPalo
L4 Transporter

‎04-16-2020 06:44 AM

Hi,

 

We just check that the command:  show user group name 'cn=......' has this output: 

user group xxxxx does not exist or does not have members. All config is OK. 

 

If we run "show user group list", i can see al the groups, but filtering by one of them shows:

user group xxxxx does not exist or does not have members

 

show user ip-user-mapping all ---> OK

show user user-ids match-user xxxx ---> OK

 

 

Why is not showing users in groups?

5 people had this problem.
7 REPLIES 7

BPry
Cyber Elite
Cyber Elite

‎04-16-2020 06:53 AM

@BigPalo,

Is the group in your group-include-list? My first thought would be that you are trying to look at group membership for a group that the firewall isn't actively pulling, thus it doesn't know/care if anyone is in that group. Trying running the same command on something that you are actively included in your group-include-list and you should have all members listed. 

0 Likes Likes

BigPalo
L4 Transporter
In response to BPry

‎04-16-2020 07:02 AM - edited ‎04-16-2020 07:06 AM

Yes, group is included in the list. We tried to put all in list, just in case, but the result is the same. Its weird...

 

Its happening with all the groups in "show user group list". 

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to BigPalo

‎04-16-2020 07:14 AM

@BigPalo,

Hmm that's really odd. I might try restarting the management plane just to see if that resolves the issue, otherwise I would open a support case about it.

0 Likes Likes

MickBall
L7 Applicator
In response to BigPalo

‎04-16-2020 09:23 AM

Probably teaching you to suck eggs here but have you copied and paste group name as syntax is essential here..

 

also.. do you have any special characters in the group name such as ampersand or comma...

 

do you get the expected output from  show user group-mapping state all.    Return the expected output.

 

do you only have permissions to see the groups but not the members.

 

is your group mapping correct....   ie- object for both group objects and user objects.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks