11-10-2011 08:31 AM
Prior to upgrading to v4.1, when adding an AD group to a policy, the group name used to show up as the shortened name "domain\groupname". While those policies still work post upgrading, whenever I now add a group name to a policy, the group shows up as "cn:groupname,ou:users,dc=domain,dc=local". While functional, not as cosmetic.
Is it a config/setting issue on my end where I can get the old style group names to appear or is this the new format moving forward? For what its worth, when adding users it still shows up as "domain\user".
See the attached screen shot for an example.
11-10-2011 10:22 PM
With PAN-OS 4.0 we had separate PAN-agent for AD and User-ID agent for LDAP. PAN-OS 4.1 combines both into a single unified client. With 4.1 the agent will still provide IP-user mapping. But group info will now come directly from LDAP. This is why you see group info in the format you are seeing. As I understand it, this will be the format going forward.
Regards
-Richard
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
