Global protect users dont pass authentication

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global protect users dont pass authentication

L4 Transporter

Hello all

we have PA in production.The problem is VPN users dont pass by certain authentication profile.The issue is that when we point user it is ok but when we point some group it fails to authenticate

we test through CLI and that is result

 

test authentication authentication-profile VPN_LDAP username eradmin password
Enter password :
 
Allow list check error:
Target vsys is not specified, user "eradmin" is assumed to be configured with
a shared auth profile.
 
Do allow list check before sending out authentication request...
User eradmin is not allowed with authentication profile VPN_LDAP 

 

This eradmin user is the member of VPN-USERS group.When we point this user separately it is ok but inside the group it fail to authenticate

 

Model is 820

PAN OS- 8.0.7

1 REPLY 1

Cyber Elite
Cyber Elite

@Radmin_85,

If you run the command as stated below, switching the info out with your group, does the firewall properly poll the group and display the requesting user? 

show user group name cn=palo--lab-admin-users,ou=groups,ou=lab-enviroment,dc=lab,dc=root,dc=local
  • 1877 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!