Global Protect Client not asking for passwort

Reply
Highlighted
L2 Linker

Global Protect Client not asking for passwort

Hi there,

we're piloting the GP Client with a few people. Some of them are asked for credentials when connecting (expected behaviour) and some people are not asked for their credentials, but connected successful (not expected).

We definitely haven't turned on SSO. The Clients are all installed by the same software distribution task. Also, I can not see anything suspicous in the logs that leads me to the root cause of the SSO... And, as usual with such issues, I'm not able to reproduce it :/

Have you experienced this in the past?

Thanks,

Sven

Highlighted
L5 Sessionator

Re: Global Protect Client not asking for passwort

Hello Sven,

One way to verify is check in the current user for the machine which got connected('Network->Global Protect->Gateways->Remote Users') without credentials and look for that IP address in system logs to see whether has any authentication passed onto portal?

Regards,

Hari Yadavalli

Highlighted
L2 Linker

Re: Global Protect Client not asking for passwort

Hi Hari,

I checked the logs again. But I don't see any difference from the globalprotectgateway-auth-succ Event for the users who are asked for credentials and those who are not. They all pass the same auth type: Profile.

Cheers,

Sven

L4 Transporter

Re: Global Protect Client not asking for passwort

Sven_Lieckfeldt,

and just to confirm... those specific machines were never logged into with credentials prior to this happening?

Thanks!

Please do not forget to mark and 'Helpful' or 'Correct' replies.

Highlighted
L2 Linker

Re: Global Protect Client not asking for passwort

Hi mmmccorkle,

sorry for my late replay - I was on vacation.

Yes, they connected for the very first time with this user and on that machine.

Thanks,

Sven

Highlighted
L4 Transporter

Re: Global Protect Client not asking for passwort

Hi Sven,

Please cross check the GP Portal - client configuration SSO and connect method.

GP ssl.PNG

Regards

Satish

Highlighted
L2 Linker

Re: Global Protect Client not asking for passwort

Hi Satish,

that is set to "on-demand" and "Use SSO" is _not_ checked.

Thanks,

Sven

Highlighted
L2 Linker

Re: Global Protect Client not asking for passwort

Sven_Lieckfeldt,

You may need to check PanGPS.log and authd.log to co-relate the authentication events.

1). Check PanGPS.log in global protect client installation path for auth events tried by user.

2).  In PAN cli, execute below command for authentication event generated by user.

> less mp-log authd.log
Then type /user-name to search any log for the user and keep pressing 'n' until you don't see any relevant log.

Or you can search for user authentication event in  authd.log using notepad++ after generating tech support file.

Without these logs it is difficult to say what happened.


Thanks

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!