This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Crednetial Phishing Agent Permissions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Crednetial Phishing Agent Permissions

apackard
L4 Transporter

‎09-03-2018 10:15 AM

Does anyone know if the credential phishing agent requires different\additional permissions to the base User agent?

 

I have installed with our 'standard' account and I get this in the logs:-

 

 09/03/18 18:05:33:996 [ Info 2036]: ------------Service is being started------------
 09/03/18 18:05:33:996 [ Info 2043]: Os version is 6.2.0.
 09/03/18 18:05:33:996 [ Info  389]: Load debug log level Info.
 09/03/18 18:05:33:996 [ Info  247]: Service version is 8.1.3.10.
 09/03/18 18:05:33:996 [ Info  392]: Product version is 8.
 09/03/18 18:05:33:996 [ Info  313]: Named pipe for UaService created.
 09/03/18 18:05:34:028 [Error  716]: Unable to extract credentials.
 09/03/18 18:05:39:028 [Error  716]: Unable to extract credentials.

 

It is also possible this is due to a security setting on the server itself I assume.

 

Thanks

2 people had this problem.
0 Likes Likes
4 REPLIES 4

SARowe_NZ
L3 Networker

‎02-25-2019 03:41 PM

Hey did you get this fixed? I'm having the same issue.

 

Thanks!
Shannon

0 Likes Likes

apackard
L4 Transporter
In response to SARowe_NZ

‎02-25-2019 06:08 PM

We did - I'm fairly sure we just had to run the Cred service as SYSTEM, not the Palo agent service account we assumed we needed to run both the PA agent and Cred agent with..

 

That said it is currently broken for us - I've not had time to check as we were only testing but I'm due to look this week as it turns out.

0 Likes Likes

SARowe_NZ
L3 Networker
In response to apackard

‎02-25-2019 07:13 PM

Hi thanks for replying - I've made sure we're using the system account, not a service account.

 

I've logged it with TAC and will update here if I get a resolution.

0 Likes Likes

Brandon_Wertz
L6 Presenter
In response to SARowe_NZ

‎02-27-2019 05:47 AM

I could have sworn early on the install instructions said you needed a domain admin or at least something along the way domain admin was required, but that doesn't appear to be the case now.

 

 

https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/threat-prevention/prevent-credential-phish...

 

For using "Domain Credential Filter" --

"Install the User-ID agent and the User Agent Credential service on an RODC using an account that has privileges to read Active Directory via LDAP (the User-ID agent also requires this privilege)."

0 Likes Likes
  • 3461 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks