LDAP and user authentication/authorization

Showing results for 
Show  only  | Search instead for 
Did you mean: 

LDAP and user authentication/authorization

L1 Bithead

Hi all!

I have a problem using LDAP for user/management authentication/authorization. When I try to log in via my domain I get the following in my log (after logging in again with the admin account):

Authorization failed for user *\*via Web from *.*.*.* : Invalid user 06/06 12:41:19

User '*\*' authenticated. Profile authProfileAdmins in an authentication sequence AuthSeqDomainAdmins succeeded. From: *.*.*.*.

Any suggestions?


Accepted Solutions

Please follow the configuration steps provided in the following document: https://live.paloaltonetworks.com/docs/DOC-1989

Unless the username you are using to login is 'AllowDomainAdmins', there is a misconfiguration.

As outlined in the document, it is required to create a Device -> Administrator account for each AD account that will be used.

Hope this helps!

- Stefan

View solution in original post


L4 Transporter

Please check the authentication profile and Authentication sequence. Are you referring to the correct profile for authentication. The empty spaces indicate that it is having trouble with the authentication profile

Hi and thanks for the reply. Please see attached pictures of my current

setup. The LDAP has contact with the server, so this is not the problem...

Best Regards/Vennlig Hilsen,

Kåre Tragethon

IT & Automasjon

Hallingplast AS

Tlf: +47 32 09 56 85

Fax: +47 32 09 55 94

Mob: +47 95 25 14 38


Could it be the classical mistake of using "domain.local" instead of just the netbios name "domain"?

Described in https://live.paloaltonetworks.com/thread/5050?tstart=0

Thanks but that didn't help. By the way, I'm only using LDAP (no user

agent)..... I could also mention that I'm only trying to access the

Management Interface at the moment. Could that be a problem?? Do I have to

create any security rules to allow access?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!