08-04-2014 11:10 AM
User-ID integration with Microsoft AD is great, and works nicely, but we have the bulk of our users using RADIUS to authenticate wirelessly with 802.1x, and we're using a Microsoft NPS server to do that job. These users' devices are not necessarily (and often are not) Windows domain computers, so the LDAP lookups aren't providing the needed information for a User-ID mapping. Is there any good way to get that information from the NPS server?
08-04-2014 01:11 PM
Hi
At the moment there isn't direct integration with NPS; however, a new feature in PAN-OS 6.0 called "User-ID Integration With Syslog" could be useful for you.
Please read New Features Guide 6.0 (English) page 96
Regards
SLawek
08-04-2014 03:07 PM
Hello,
One problem you might encounter with User-ID integration is that the IP in the Microsoft NPS logs is not the IP address of the client machine but that of the device performing the RADIUS auth on behalf of the client.
If the wireless device is capable of sending user and IP information in syslog format, then you can use the new feature in PAN-OS 6.0 mentioned above.
If the device is not able to send this information in syslog, such as the Cisco WLC (which uses SNMP), then you would need to have the information sent to an SNMP collector from the WLC.
On the SNMP collector you would need to have a way of parsing the event and forwarding that to PAN User-ID for User-ID integration.
08-04-2014 06:09 PM
You could configure captive portal. But I guess you don't want to force a login portal.
The issue with RADIUS is, as dmaynard says, that the IP association is in the payloads. There is a script posted in Dev center to extract this for User-ID association. I'm not sure how well it works as I haven't used it.
Scripting solution for User ID working with Microsoft IAS/NPS
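The parse-and-forward step discussed in the replies above, as an added example that is not part of the original thread and is not the Dev center script. The key=value log layout, the field names (`user`, `nas_ip`, `framed_ip`) and the sample lines are constructed assumptions; the output is a User-ID XML API `uid-message` login payload.

```python
import ipaddress
import re
from xml.sax.saxutils import quoteattr

# Constructed sample lines; this key=value layout is an assumption,
# not a real NPS or WLC log format.
SAMPLE_LINES = [
    "<134>Aug  4 15:07:01 wlc01 acct: type=Start user=CORP\\alice nas_ip=10.0.0.5 framed_ip=10.20.30.41",
    "<134>Aug  4 15:07:02 nps01 auth: type=Accept user=CORP\\bob nas_ip=10.0.0.5",
    "<134>Aug  4 15:07:03 wlc01 acct: type=Start user=carol@corp.example nas_ip=10.0.0.5 framed_ip=10.20.30.43",
    "<134>Aug  4 15:07:04 wlc01 acct: type=Start user=dave nas_ip=10.0.0.5 framed_ip=10.0.0.5",
    "<134>Aug  4 15:07:05 wlc01 acct: type=Start user=erin nas_ip=10.0.0.5 framed_ip=10.20.30.999",
]

FIELD = re.compile(r"(\w+)=(\S+)")
# Usernames come from the supplicant, so accept only a conservative character set.
USER_OK = re.compile(r"^[\w.\\@-]{1,128}$")

def parse_mapping(line, nas_ips):
    """Return (user, client_ip), or None if the record cannot be mapped safely."""
    fields = dict(FIELD.findall(line))
    user, ip = fields.get("user"), fields.get("framed_ip")
    # Records with only the authenticator (NAS) address carry no client IP.
    if not user or not ip or not USER_OK.match(user):
        return None
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    # Never map a user onto the device that performed the RADIUS auth.
    if str(addr) in nas_ips:
        return None
    return user, str(addr)

def mappings_from(lines, nas_ips):
    return [m for m in (parse_mapping(l, nas_ips) for l in lines) if m]

def build_uid_message(mappings):
    """Build the User-ID XML API login payload for the given mappings."""
    entries = "".join(
        f"<entry name={quoteattr(u)} ip={quoteattr(ip)}/>" for u, ip in mappings
    )
    return ("<uid-message><version>1.0</version><type>update</type>"
            f"<payload><login>{entries}</login></payload></uid-message>")

if __name__ == "__main__":
    print(build_uid_message(mappings_from(SAMPLE_LINES, {"10.0.0.5"})))
```

Only the first and third sample records yield a mapping; the others lack a client address, point at the authenticator itself, or carry an invalid IP.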
08-05-2014 09:12 AM
Yeah, I might have to look into that scripting solution. I'd definitely prefer native NPS integration, but who wouldn't? I just wonder if it's in the pipeline.
08-05-2014 02:55 PM
Roadmap questions are only answered under the NDA from your Sales team. They can also see if there is an existing FR (Feature Request) for the functionality. If there is an FR number you can add a "vote" for the feature.