I have a question. Maybe someone has run across this.
I am using the server monitoring function of Palo
I realize that I can use the user-ID agent and set it to never forget the user mapping, but I am looking for a more accurate way of keeping this mapping.
We have mac's that authenticate to a win 2008 domain. Initially I get the user to ip mapping, after the Palo cache expires the mapping is lost. Mac's do not auto update the cache.
My windows machines work normally, The initial mapping is correct and if I use any network resources the user mapping gets updated in Palo.
Any idea's, suggestions, etc
When you are using windows machine in AD, you open a session and then after that, periodically, your session is renewed in the AD.
The palo is polling your security event and see, ever you new session and your renew then update is local cahe then you stay authenticated.
In Mac world, not sure but , you open a session in AD then generate event then be authen in the palo. After couple of minutes, maybe your Mac doon't ask for session renew then no event in the AD then your authenti expire in the palo.. If you try to access a network ressource, in background you are authenticate again in the domain then you are known by the palo.
To be sure, you can check the event in your AD:
SUCCESS_NET_LOGON = 540,
AUTH_TICKET_GRANTED = 672,
SERVICE_TICKET_GRANTED = 673,
TICKET_GRANTED_RENEW = 674,
ACCOUNT_USED_FOR_LOGON = 680,
LOGON_SUCCESS_W2008 = 4624,
AUTH_TICKET_GRANTED_W2008 = 4768,
TICKET_GRANTED_RENEW_W2008 = 4770,
ACCOUNT_USED_FOR_LOGON_W2008 = 4776,
I agree that is whats happening, except when I use a network resource with the mac, it never creates a new security log.
The resource (mapped share, printer, etc) do work on the mac, but i do not see any security logs being renewed..
I did a custom filter on AD log for the mentioned ID events
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!