09-26-2021 06:23 PM
Hi All,
While troubleshooting a intermittent GP issue, I have noticed the below error repeating in the useridd.log.
I am not sure if this part of the problem or not, but it does look a little worrying. I can still browse AD from the firewall and find groups.
2021-09-20 16:18:10.268 +1000 connecting to ldap://[192.168.1.1]:389 ...
2021-09-20 16:18:10.273 +1000 ldap cfg UserGroupMapping connected to 192.168.1.1:389(index 0)
2021-09-20 16:18:10.327 +1000 Error: pan_ldap_ctrl_search_device(pan_ldap_ctrl.c:1889): user_id database is not bound yet
I can also see groups mapped when I run the below command:
>show user group-mapping state all
Performing the below commands hasn't seemed to help either:
> debug user-id reset group-mapping all
>debug software restart process user-id
User-ID is still functioning in some respect as people are able to authenticate to GP and users are able to access resources through security policy rules where user-id is defined.
Any ideas on how to resolve this error?
Thanks in advance.
12-05-2021 02:14 PM
@Joshan_Lakhani No sorry it was never resolved. Still pending.
01-29-2022 01:17 AM
I am also having this issue.
pan_ldap_ctrl_search_device(pan_ldap_ctrl.c:1889): user_id database is not bound yet
When I supply this command seems its pulling and have it in db, It appears to me that, when I created the use names its getting populated in PA, but unable t login in with username
User Name Vsys Groups
------------------------------------------------------------------
ramslab.local\fwadmin vsys1 cn=administrators,cn=builtin,dc=ramslab,dc=local
cn=domain users,cn=users,dc=ramslab,dc=local
cn=users,cn=builtin,dc=ramslab,dc=local
cn=domain admins,cn=users,dc=ramslab,dc=local
cn=denied rodc password replication group,cn=users,dc=ramslab,dc=local
ramslab.local\azwinadmin vsys1 cn=administrators,cn=builtin,dc=ramslab,dc=local
cn=domain users,cn=users,dc=ramslab,dc=local
cn=users,cn=builtin,dc=ramslab,dc=local
cn=domain admins,cn=users,dc=ramslab,dc=local
cn=group policy creator owners,cn=users,dc=ramslab,dc=local
cn=schema admins,cn=users,dc=ramslab,dc=local
cn=enterprise admins,cn=users,dc=ramslab,dc=local
cn=denied rodc password replication group,cn=users,dc=ramslab,dc=local
ramslab.local\az-linx-vm-2$ vsys1 cn=domain controllers,cn=users,dc=ramslab,dc=local
cn=denied rodc password replication group,cn=users,dc=ramslab,dc=local
04-05-2022 08:12 AM
I'm getting a similar error. User-ID is set to LDAP (multiple Windows Domain Controllers), they all 3 show connected, but traffic logs do not show the user, causing the traffic to miss the correct security polidy and be blocked. Useridd.log shows :
useridd.log
2022-04-05 08:52:33
2022-04-05 08:52:33.609 -0400 Error: pan_ldap_ctrl_search_device(pan_ldap_ctrl.c:1872): user_id database is not bound yet
07-06-2022 09:41 AM
Hello All,
For me it was groups that were not configured correctly after a major migration.
So it was a misconfiguration basically.
Regards,
09-16-2022 08:03 AM
Hello Brian and all,
I'm getting exactly the same error.
Did to find a fix?
Thanks!
Cheers
09-16-2022 08:15 AM
@Gab_Petricca Check out this KB article:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClphCAC
09-17-2022 03:36 AM
12-14-2022 03:23 AM
Hi, Ramakrishnan,
how to fixed. About this subject if you have any documants pls share us.
We have same issue. We between different data center Data Redistribution info shared. But including the same AD groups we see some users info, some users not see.
01-06-2023 04:10 AM
Hi Pedro,
We using 10.1.5-h1 version. We couldnt solve this problem.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
