LDAP Authentication Fails Becuase Username Has Space

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LDAP Authentication Fails Becuase Username Has Space

L2 Linker

Running into an issue with LDAP authentication.  I'am able to successfully login via LDAP authentication when the username does not contain a space.  However if the username contains a space (ie palo alto) the system logs show "User \'test\palo alto\' failed authentication.  Reason: Authentication profile not found for the user From: x.x.x.x". I recall finding some documentation on this issue which stated to add an "_", "-", or "." instead of the space for the username but that does not work.  Anyone else have a fix or workaround for this issue?

10 REPLIES 10

L7 Applicator

I think this is the document you are referring to from April of 2012 and citing version 4.1 as the affected releases.

Invalid Username/Password

They mention future support may happen.  This generally means an enhancement request was submitted.  So you could check the release notes for versions higher than what you are currently running (where the issue obviously still exists) to see if this was addressed.

If you find this was not yet added, you can also check with the SE and have them place your vote for the enhancement in the Palo Alto Internal tracking system.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L6 Presenter

as I understand the problem is different here.You mean the user name has space, not Ldap profile name ? Is that correct ?

I did not test the user names which has space yet with 6.0, but I will asap.

Yes, panos has it.  It is not because of the space in the profile name but the actual AD username.  For example, when 'user.name' tries to log in via LDAP authentication then it works. However with 'user name' tries to log in via LDAP it says user not found even though their name appears in the PA via group mapping.

panos did you get a chance to test this?

Has a bug been reported for this?

hi,

I tested a user name with space but this is 5.0.7 in the lab with Global protect,

Ldap worked fine.

using panos 6 I will replicate it soon

Panos, you got a user with a space in their username to authenticate via LDAP? Did you attempt to authenticate into the GUI?

Let me try it for webgui

I did not before

how do you create a user with space ?

it is not allowed here

11t.png

You cannot, that is part of the issue.

I recall seeing some document a while ago, which of course I cannot find now, that said if you put a '.','-',or '_' it should convert it into a space in LDAP.

  • 8327 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!