06-06-2012 05:27 AM
Hi all!
I have a problem using LDAP for user/management authentication/authorization. When I try to log in via my domain I get the following in my log (after logging in again with the admin account):
Authorization failed for user *\*via Web from *.*.*.* : Invalid user 06/06 12:41:19
User '*\*' authenticated. Profile authProfileAdmins in an authentication sequence AuthSeqDomainAdmins succeeded. From: *.*.*.*.
Any suggestions?
06-13-2012 09:44 AM
Please follow the configuration steps provided in the following document: https://live.paloaltonetworks.com/docs/DOC-1989
Unless the username you are using to login is 'AllowDomainAdmins', there is a misconfiguration.
As outlined in the document, it is required to create a Device -> Administrator account for each AD account that will be used.
Hope this helps!
- Stefan
06-11-2012 10:24 AM
Please check the authentication profile and Authentication sequence. Are you referring to the correct profile for authentication. The empty spaces indicate that it is having trouble with the authentication profile
06-12-2012 12:14 AM
Hi and thanks for the reply. Please see attached pictures of my current
setup. The LDAP has contact with the server, so this is not the problem...
Best Regards/Vennlig Hilsen,
Kåre Tragethon
IT & Automasjon
Hallingplast AS
Tlf: +47 32 09 56 85
Fax: +47 32 09 55 94
Mob: +47 95 25 14 38
www.hallingplast.no
06-12-2012 02:27 AM
Could it be the classical mistake of using "domain.local" instead of just the netbios name "domain"?
Described in https://live.paloaltonetworks.com/thread/5050?tstart=0
06-12-2012 03:31 AM
Thanks but that didn't help. By the way, I'm only using LDAP (no user
agent)..... I could also mention that I'm only trying to access the
Management Interface at the moment. Could that be a problem?? Do I have to
create any security rules to allow access?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!