Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

how to browse for adding specific AD group in LDAP authentication.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

how to browse for adding specific AD group in LDAP authentication.

L3 Networker

Hi..

Customer would like to use SSL VPN with Active-Directory.

So, I have configured SSL VPN with LDAP Authentication.

There was no problem to connect SSL VPN with LDAP Authentication.
after verify SSL VPN connection,  I  was going to add some specific group to LDAP authentication in Authentication profile.

But I cannot browse Active-Directory group in LDAP authentication.

Surely, I’m not installed any user agents including AD-Agent and LDAP agent.

do i must install a user-agent, If I am going to add some specific AD group through browse in LDAP Authentication?

Thanks,

Eugene.

1 REPLY 1

L4 Transporter

If you are using PAN OS v.4.1.x the PAN Firewall should be able to pull group information directly from the AD

To check the groups you can go to:

Device>>UserID>>Group Mapping and if the LDAP is configured correctly, then you should be able to pull the groups there.

Also these groups should show up in the Authentication Profile section.

If however, you are using PAN OS 4.0, or earlier, the group information is pulled from a UserID / PAN Agent so then, yes you would require an Agent running on a domain controller to be able to transfer groups over to the PAN Firewall.

  • 1906 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!