I have a portal and 3 gateways set up, working with LDAP and Active Directory. It is set up to use user-logon with Single Sign On. All this works without issue. What I am having issues with is that I have my firewalls integrated with LDAP and Active Directory groups, and I use these groups for policy rules. What I am seeing is that the GlobalProtect user will sometimes show only userid in the traffic logs, and not domain\userid; at some point it will switch to using domain\userid. This is causing me issues. Any thoughts?
I have usually seen this issue when "Enable Server Session Read" is enabled and the user tries to access any resources such as printers etc. Can you check if it is enabled and try disabling it if possible?
Hope it helps!
In the LDAP server profile I left the domain blank, but when I do a show user user-ids match I get domain\user. I added the domain local name to the server profile. When I tested global connect, the traffic logs showed the ID without the domain, but then switched over to domain\user after about a minute. Not sure if I just caught it on the cycle or not.