LDAP Authentication Fails Becuase Username Has Space

Reply
Highlighted
L2 Linker

LDAP Authentication Fails Becuase Username Has Space

Running into an issue with LDAP authentication.  I'am able to successfully login via LDAP authentication when the username does not contain a space.  However if the username contains a space (ie palo alto) the system logs show "User \'test\palo alto\' failed authentication.  Reason: Authentication profile not found for the user From: x.x.x.x". I recall finding some documentation on this issue which stated to add an "_", "-", or "." instead of the space for the username but that does not work.  Anyone else have a fix or workaround for this issue?

Highlighted
L7 Applicator

I think this is the document you are referring to from April of 2012 and citing version 4.1 as the affected releases.

Invalid Username/Password

They mention future support may happen.  This generally means an enhancement request was submitted.  So you could check the release notes for versions higher than what you are currently running (where the issue obviously still exists) to see if this was addressed.

If you find this was not yet added, you can also check with the SE and have them place your vote for the enhancement in the Palo Alto Internal tracking system.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L6 Presenter

as I understand the problem is different here.You mean the user name has space, not Ldap profile name ? Is that correct ?

I did not test the user names which has space yet with 6.0, but I will asap.

Highlighted
L2 Linker

Yes, panos has it.  It is not because of the space in the profile name but the actual AD username.  For example, when 'user.name' tries to log in via LDAP authentication then it works. However with 'user name' tries to log in via LDAP it says user not found even though their name appears in the PA via group mapping.

Highlighted
L4 Transporter

panos did you get a chance to test this?

Has a bug been reported for this?

Highlighted
L6 Presenter

hi,

I tested a user name with space but this is 5.0.7 in the lab with Global protect,

Ldap worked fine.

using panos 6 I will replicate it soon

Highlighted
L2 Linker

Panos, you got a user with a space in their username to authenticate via LDAP? Did you attempt to authenticate into the GUI?

Highlighted
L6 Presenter

Let me try it for webgui

I did not before

Highlighted
L6 Presenter

how do you create a user with space ?

it is not allowed here

11t.png

Highlighted
L2 Linker

You cannot, that is part of the issue.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!