Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-20-2015 05:27 AM
Hi there,
we're piloting the GP Client with a few people. Some of them are asked for credentials when connecting (expected behaviour) and some people are not asked for their credentials, but connected successful (not expected).
We definitely haven't turned on SSO. The Clients are all installed by the same software distribution task. Also, I can not see anything suspicous in the logs that leads me to the root cause of the SSO... And, as usual with such issues, I'm not able to reproduce it 😕
Have you experienced this in the past?
Thanks,
Sven
02-20-2015 06:39 AM
Hello Sven,
One way to verify is check in the current user for the machine which got connected('Network->Global Protect->Gateways->Remote Users') without credentials and look for that IP address in system logs to see whether has any authentication passed onto portal?
Regards,
Hari Yadavalli
02-20-2015 06:45 AM
Hi Hari,
I checked the logs again. But I don't see any difference from the globalprotectgateway-auth-succ Event for the users who are asked for credentials and those who are not. They all pass the same auth type: Profile.
Cheers,
Sven
02-20-2015 09:03 AM
Sven_Lieckfeldt,
and just to confirm... those specific machines were never logged into with credentials prior to this happening?
Thanks!
Please do not forget to mark and 'Helpful' or 'Correct' replies.
03-02-2015 02:05 AM
Hi mmmccorkle,
sorry for my late replay - I was on vacation.
Yes, they connected for the very first time with this user and on that machine.
Thanks,
Sven
.png "Satish"){kind=avatar}
03-02-2015 02:48 AM
Hi Sven,
Please cross check the GP Portal - client configuration SSO and connect method.
Regards
Satish
03-03-2015 04:19 AM
Hi Satish,
that is set to "on-demand" and "Use SSO" is _not_ checked.
Thanks,
Sven
03-03-2015 11:48 AM
Sven_Lieckfeldt,
You may need to check PanGPS.log and authd.log to co-relate the authentication events.
1). Check PanGPS.log in global protect client installation path for auth events tried by user.
2). In PAN cli, execute below command for authentication event generated by user.
> less mp-log authd.log
Then type /user-name to search any log for the user and keep pressing 'n' until you don't see any relevant log.
Or you can search for user authentication event in authd.log using notepad++ after generating tech support file.
Without these logs it is difficult to say what happened.
Thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
