02-12-2014 11:19 AM
Running into an issue with LDAP authentication. I'am able to successfully login via LDAP authentication when the username does not contain a space. However if the username contains a space (ie palo alto) the system logs show "User \'test\palo alto\' failed authentication. Reason: Authentication profile not found for the user From: x.x.x.x". I recall finding some documentation on this issue which stated to add an "_", "-", or "." instead of the space for the username but that does not work. Anyone else have a fix or workaround for this issue?
02-14-2014 01:45 PM
I think this is the document you are referring to from April of 2012 and citing version 4.1 as the affected releases.
They mention future support may happen. This generally means an enhancement request was submitted. So you could check the release notes for versions higher than what you are currently running (where the issue obviously still exists) to see if this was addressed.
If you find this was not yet added, you can also check with the SE and have them place your vote for the enhancement in the Palo Alto Internal tracking system.
02-14-2014 04:11 PM
as I understand the problem is different here.You mean the user name has space, not Ldap profile name ? Is that correct ?
I did not test the user names which has space yet with 6.0, but I will asap.
02-17-2014 08:35 AM
Yes, panos has it. It is not because of the space in the profile name but the actual AD username. For example, when 'user.name' tries to log in via LDAP authentication then it works. However with 'user name' tries to log in via LDAP it says user not found even though their name appears in the PA via group mapping.
03-18-2014 05:33 AM
panos did you get a chance to test this?
Has a bug been reported for this?
03-18-2014 07:33 AM
hi,
I tested a user name with space but this is 5.0.7 in the lab with Global protect,
Ldap worked fine.
using panos 6 I will replicate it soon
03-18-2014 07:40 AM
Panos, you got a user with a space in their username to authenticate via LDAP? Did you attempt to authenticate into the GUI?
03-18-2014 08:34 AM
Let me try it for webgui
I did not before
03-18-2014 08:43 AM
how do you create a user with space ?
it is not allowed here
03-18-2014 12:37 PM
You cannot, that is part of the issue.
03-18-2014 12:40 PM
I recall seeing some document a while ago, which of course I cannot find now, that said if you put a '.','-',or '_' it should convert it into a space in LDAP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
