- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
04-15-2011 03:35 PM
Is there a way to identify Mac users without turning captive-port on and having them login to get to the web? We are willing to do a mac address reservation so the user gets the same IP. We would really like to put this in without any real changes to the users. Thanks for any help on this.
04-21-2011 03:55 PM
You have 3 options for MAC user identification.
1) Captive Portal
2) Install a client that will do AD login
3) Make them connect via SSL VPN and surf through the VPN.
Steve Krall
04-21-2011 03:55 PM
You have 3 options for MAC user identification.
1) Captive Portal
2) Install a client that will do AD login
3) Make them connect via SSL VPN and surf through the VPN.
Steve Krall
04-25-2011 07:45 AM
I can confirm making them join AD in Snow Leopard works great. We track about 200+ Macs that way.
07-17-2012 06:37 AM
Hi Guys,
I am kind of facing the same issue. Is it possible for you guys to share on how you got it working? My client is using Snow Leopard version 10.1.6 I reckon (I am not an Apple geek, hence very limited knowledge). The MAC users are turning out as "unknown" users on the User-ID agent.
Any help or guidance on this would be great.
Thanks in advance.
Kind Regards,
Kalyan
12-17-2012 07:51 AM
Is there really no other way other than the three options listed? We have an all Mac/Linux environment. It would be impossible to deploy a Windows AD server for this. To have 300+ users log in via a web form each time they want to get on the internet isn't really an option. We'd have the same problems requesting them to all use the SSL VPN as well, especially when they are in the office. Is there not an agent for Linux LDAP/Radius environments? Are there any plans for one?
12-17-2012 01:13 PM
You can get User-ID to work with OpenDirectory, but it requires a script using the XML API. That is not supported by Palo Alto Networks support, but it's worth looking at. Essentially you would take login events on your OpenDirectory server and syslog those events. Parse through the data and use the API to send those to the User-ID Agent.
Here's a popular document that a lot of folks are using:
UserID API integration using Syslog
Good luck!
Greg Wesson
12-17-2012 01:21 PM
I have had success with using the Exchange log monitor. Of course that will only work if you have an internal Exchange server. This is one reason I will not be taking our students to GMail anytime soon.
Bob
12-28-2012 12:46 PM
Are the Macs joined to Active Directory?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!