This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

LDAP Authentication Profile missing when trying to add administrator user

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

LDAP Authentication Profile missing when trying to add administrator user

Go to solution
jakeevans
L0 Member

‎12-12-2017 09:26 AM

I have created an authentication profile utilizing a connection to the LDAP servers. When I try to add an Administrator I am unable to select this authentication profile from the drop down menu. All that is available is "none."

 

I think that my server and authentication profiles are set up correctly as I am able to test the authentication profile using the commend line as follows:

 

admin@ddc-rt-fw-vpn-q08-2 vsys1> test authentication authentication-profile Auth-LDAP username u0852540 password
Enter password :

Target vsys: vsys1

Do allow list check before sending out authentication request...
name "ad\u0852540" is in group "all"

Authentication to LDAP server at X.X.X.X for user "u0852540"
Egress: X.X.X.X
Type of authentication: GSSAPI
Starting LDAPS connection...
Succeeded to create a session with LDAP server
DN sent to LDAP server: CN=u0852540,OU=People,DC=ad,DC=XXX,DC=edu
User expires in days: never

Authentication succeeded for user "u0852540"

 

Any thoughts or suggestions would be greatly appreciated.

 

Thanks!!

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
reaper
Cyber Elite
Cyber Elite

‎12-13-2017 04:12 AM

I think you created the authentication profile in vsys1

 

administrators are system level, so they can only use authentication profiles that are 'shared'

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
reaper
Cyber Elite
Cyber Elite

‎12-13-2017 04:12 AM

I think you created the authentication profile in vsys1

 

administrators are system level, so they can only use authentication profiles that are 'shared'

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Go to solution
jakeevans
L0 Member
In response to reaper

‎12-13-2017 06:46 AM

Excellent advice! Problem solved!

 

For the record, I had to recreate my server profile in "shared" and then create a new authentication profile in "shared" as well. Once that was done I was able to create administrators using the "shared profile" and they were able to successfully log in.

 

Thanks so much for your help!

  • 1 accepted solution
  • 2185 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks