LDAP Authentication Profile allow list 'all'


L3 Networker

When configuring an LDAP Authentication Profile what does the 'all' refer to in the allow list? 

5 REPLIES

L7 Applicator

All is a reference to any user.

If you only wanted members of a certain group or individual users to use this authentication profile, then you would add them here.

Thanks. And to clarify, if a user isn't defined as an Administrator or as a Captive Portal or GlobalProtect user, either explicitly or as a group member, then authentication will fail with something like an "Authentication profile not found for the user" message in the system log? Simply selecting 'all' in the allow list does not grant everyone the ability to log in to the firewall, correct?

Yes, I think so...

I only say "think so" as I have never used any other option than "ALL". So I don't know what the system log would say... but I'm sure you have already seen this...

To allow all only means that all users can attempt to authenticate against this profile...

 

 

OK, just tested the auth with a test profile without me in the allow list.

System log ...

 

failed authentication for user "Me" Reason: user is not in allow list. auth profile Radius Test.

 

Boom! 

 

I did a similar test and got a similar result. 

 

AFAIK setting the allow list to 'all' and relying on authentication profiles is the cleanest way to go about provisioning permissions, but if I'm mistaken please let me know.
