logged in user are sent to captive portal

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

logged in user are sent to captive portal

L4 Transporter

hey

we have a situation the loggen in users are sent to the captive portal. event a few minutes or an hour after they have logged in to the conuter.

1) when this is happaning then the ip-user mapping shows no user for the IP

2) we cant simulate this behaviour

3) we played arround with the ip-port mapping timeouts

4) client probing is turned on and we verified that the PA user can see the logged in user user wmi

5) we dont have problems in recognizing ip-user mapping in the environment

7) we user agentless userID

😎 we user 5.0.5 pa 500

questions

1) do you have any idea what may cause this?

2) how can i turn on debugs on the userID and captive portal so i can see why the PA drop/doesnt have the user-ip mapping when this will occure again

3) if the IP is not recognized by pa that a user is logged in to it from the AD security log for some reason, why doesnt it use the client probing for checking the logged in user?

will appriciate any help for solving this issue until i will open a case

thanks

dor

11 REPLIES 11

L6 Presenter

what did you configure timeout value in user id ? (default 45 minutes)

we tried also 90 minutes for a period and it still happaned again

Do you still have issues when probing is off ?

didnt try turning of probing.

i will be at the customer site tommorow, for trying and testing everything, can you give me more troubelshooting tips?

to test the probing we tried to run a cms with runas and then use the wmi command that is mention in some documents on a machine the was sent to the captive portal, and we get the logged in user correctly

it is not normal if user gets a webform in a few minutes(Although user is Active Directory user)

This happens if wmi fails.

Check if all DC is connected with firewall

if issue goes on, try to install user id agent on a PC and do not use agentless system.Troubleshooting on agent is better.

ok. i am at the customer site and:

1) i found that probing was disabled

2) i try to turn it on and clear my ip-user mapping information for my station, should PA try and quary my station for my user or not?

how can i view the probing logs from the paloalto cli??

debug user-id dump probing-stats

"debug user-id dump probing-stats" is only giving me statistics

how can i view/export all the logs that are relevant to the user-id proccess so when a user tells me that he have been redirected to the captive portal. so i could take a look at the log in the time that a user complained, i will have is IP also and see WHY paloalto didnt have the mapping because he should had it

thanks

If you are using the user id agent and not the agentless you should see the probing failures in the debug log under palo alto networks folder under which you have installed the user id agent.

  • 4273 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!