we're piloting the GP Client with a few people. Some of them are asked for credentials when connecting (expected behaviour) and some people are not asked for their credentials, but connected successful (not expected).
We definitely haven't turned on SSO. The Clients are all installed by the same software distribution task. Also, I can not see anything suspicous in the logs that leads me to the root cause of the SSO... And, as usual with such issues, I'm not able to reproduce it :/
Have you experienced this in the past?
One way to verify is check in the current user for the machine which got connected('Network->Global Protect->Gateways->Remote Users') without credentials and look for that IP address in system logs to see whether has any authentication passed onto portal?
I checked the logs again. But I don't see any difference from the globalprotectgateway-auth-succ Event for the users who are asked for credentials and those who are not. They all pass the same auth type: Profile.
and just to confirm... those specific machines were never logged into with credentials prior to this happening?
Please do not forget to mark and 'Helpful' or 'Correct' replies.
sorry for my late replay - I was on vacation.
Yes, they connected for the very first time with this user and on that machine.
You may need to check PanGPS.log and authd.log to co-relate the authentication events.
1). Check PanGPS.log in global protect client installation path for auth events tried by user.
2). In PAN cli, execute below command for authentication event generated by user.
> less mp-log authd.log
Then type /user-name to search any log for the user and keep pressing 'n' until you don't see any relevant log.
Or you can search for user authentication event in authd.log using notepad++ after generating tech support file.
Without these logs it is difficult to say what happened.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!