Is there a way to identify Mac users without turning captive-port on and having them login to get to the web? We are willing to do a mac address reservation so the user gets the same IP. We would really like to put this in without any real changes to the users. Thanks for any help on this.
Solved! Go to Solution.
I am kind of facing the same issue. Is it possible for you guys to share on how you got it working? My client is using Snow Leopard version 10.1.6 I reckon (I am not an Apple geek, hence very limited knowledge). The MAC users are turning out as "unknown" users on the User-ID agent.
Any help or guidance on this would be great.
Thanks in advance.
Is there really no other way other than the three options listed? We have an all Mac/Linux environment. It would be impossible to deploy a Windows AD server for this. To have 300+ users log in via a web form each time they want to get on the internet isn't really an option. We'd have the same problems requesting them to all use the SSL VPN as well, especially when they are in the office. Is there not an agent for Linux LDAP/Radius environments? Are there any plans for one?
You can get User-ID to work with OpenDirectory, but it requires a script using the XML API. That is not supported by Palo Alto Networks support, but it's worth looking at. Essentially you would take login events on your OpenDirectory server and syslog those events. Parse through the data and use the API to send those to the User-ID Agent.
Here's a popular document that a lot of folks are using:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!