01-27-2011 01:20 AM
We run McAfee which does some user authentication on AD for group policies. The problem is that when this happens, the ip to user mapping shows this service account as the user instead of the actual user that is logged in. The actual user is then unable to match on a specific rule and therefore gets the incorerct access.
Not sure if changing some timers will help???
Note: Netbios/WMI probing is disabled
01-27-2011 05:40 AM
Hi There,
You need to have this user ignored in the User-ID Agent:
https://live.paloaltonetworks.com/docs/DOC-1116
Thanks
James
01-27-2011 05:40 AM
Hi There,
You need to have this user ignored in the User-ID Agent:
https://live.paloaltonetworks.com/docs/DOC-1116
Thanks
James
01-31-2011 06:21 AM
Thanks James
Is there any command, or something else that you can run, to confirm whether this is working after the file has been created? Should you restart any services?
01-31-2011 06:25 AM
Just to be on the safe side, you should restart the PAN-Agent service and reset the connection between the PAN device and the PAN-Agent.
> debug device-server reset pan-agent all
Traffic logs lacking the username in question would be indicative of it being resolved.
-Renato
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
