02-04-2011 01:29 AM
Hello,
For some reason we (and many other customers) are still experiencing issues regarding the use of LDAP groups in an authentication profile, for example SSL VPN.
We have Microsoft AD as LDAP server and we went through every step in the following well-known document (eDirectory and LDAP authentication in PANOS 3 1 3.pdf).
When we specify a single LDAP user in our authentication profile, we are able to authenticate with that user, but members of LDAP groups are not working as they should.
I made a PDF document with print screens of our configuration (PDF document attached). As you can see in the document, the PA is able to read the members of the group.
Please, does anyone have good advice for us (and many other customers) to make this work?
Thanks a lot!
Securelink support!
03-02-2011 12:55 AM
From what I understand you need to make sure that your LDAP attributes are in the correct case (I could be wrong).
In your "ldap_test_profile" the login attribute I think should be "sAMAccountName" and not "samaccountname" as displayed.
Hope this helps
03-02-2011 05:22 AM
In this case the domain needed to be removed from the LDAP config, since the domain only needs to be filled in when a panagent is also present.