This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Global Protect Radius Child Domains

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Protect Radius Child Domains

ddavis1
Not applicable

‎04-12-2014 06:29 AM

Global Protect using Radius works perfect for users in the parent domain. It will not work for users in child domains.

I worked with Palo Support for several hours and they believe the issue is a setting on the Radius server but they do not know what the settings on the Radius server should be for child domains.

Does anyone know how to set the Radius server settings or have a DOC to it?

This is not an issue for my Cisco ASA...

14:45:02.165702 IP 192.168.165.241.54053 > Server.Parent.com.radius: RADIUS, Access Request (1), id: 0x4e length: 64

14:45:02.167058 IP Server.Parent.com..radius > 192.168.165.241.54053: RADIUS, Access Reject (3), id: 0x4e length: 20

0 Likes Likes
2 REPLIES 2

sjamaluddin
L4 Transporter

‎04-12-2014 03:30 PM

What happens if the user adds the prefix to the username to specify the child domain so that when the request is forwarded from the PAN firewall towards the RADIUS server the request is as follows  ChildDomain\username rather than the user just trying to authenticate with the username only?

0 Likes Likes

ddavis1
Not applicable

‎04-14-2014 11:27 AM

I was finally able to get the user to authenticate to the web address to download the client by adding the specific path for the child domain users in the PA Authentication Profile and doing the same on the radius server. But it does not work for the global protect client. I would think since it authenticated the user to download the client it would have worked when connecting with global protect.

Yes have to use ChildDomain\UserName

GlobalProtect portal user authentication failed. Login from: 70.210.1.8, User name: TestUser, Reason: Authentication failed: Invalid username or password

0 Likes Likes
  • 2171 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks