04-04-2017 12:36 AM
Hello Dear Community,
I have a client who wants to view the User-ID usernames of the RADIUS server users in the Palo Alto logs (as happens with LDAP Active Directory).
The OS of the RADIUS server is Windows Server 2008. I saw there is a link in the Palo Alto KBs to configure User-ID for RADIUS users from the syslog server:
But in this case, the customer has a syslog server but is not sending the RADIUS user logging to it, so I cannot apply this procedure.
Is there another way to do this?
Regards,
Aitor
04-04-2017 03:08 AM
We use Aruba ClearPass for authentication, and there is a supported solution for integration between ClearPass and PA. Don't know if it's any help for you. It uses XML API.
04-04-2017 07:08 AM
Thanks for your answer.
I'm not sure if this will work in a Windows environment, but at least it gave me some good ideas to test a connection with the customer and get some data. Maybe with this I can build the necessary solution.
Regards,
Aitor
04-04-2017 08:27 AM
Hello,
Which RADIUS software are they using? Also, does the RADIUS software log to the Security logs on the Windows box?
Regards,
04-06-2017 12:51 PM
Hello.
Yes, I think they are logging the RADIUS logs to the Windows Security events. That is something that I want to try and am preparing, but I'm not quite sure exactly how it works in order to configure it. Is it under Server Monitoring, like an Active Directory? They are also using the RADIUS server as the User-ID agent, so I think that is a good option.
Would you have some considerations about this?
Thanks!
Aitor
04-06-2017 01:22 PM
Hello,
The User-ID functionality on the PAN can map usernames to IP addresses. Here are a few links to help you get started.
https://live.paloaltonetworks.com/t5/Management-Articles/User-ID-resource-list/ta-p/70379
https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-User-ID/ta-p/69321
https://live.paloaltonetworks.com/t5/Configuration-Articles/User-ID-Agent-Setup-Tips/ta-p/54755
Hope this helps.
Regards,
04-18-2017 12:22 AM
Hello,
Our environment is the following:
- WiFi users authenticate against RADIUS, connecting through Cisco WCS.
- The RADIUS server is a Windows Server 2008 R2 with NPS services. This device is also working as the User-ID agent.
- We saw that users coming from WiFi networks do not show the User-ID, since they are being authenticated against RADIUS.

Now, the question is: how can we see the User-ID names of WiFi users in the Palo Alto logs? I was able to do it in my lab by configuring a RADIUS Authentication Profile and a RADIUS server (Windows 2008 R2).
The links were very useful for building my lab, but I'm not sure whether this will work in this environment (the users pass through the WCS first).
Any suggestions?
Regards,
Aitor
04-18-2017 02:48 AM
Have a look at this article, particularly the Comments section:
04-18-2017 06:39 AM
Ok. That was very useful. I will check that!