Mac Users and User-ID


Is there a way to identify Mac users without turning captive portal on and having them log in to get to the web?  We are willing to do a MAC address reservation so the user gets the same IP.  We would really like to put this in without any real changes to the users.  Thanks for any help on this.

1 accepted solution

Accepted Solutions

L4 Transporter

You have 3 options for Mac user identification.

1) Captive Portal

2) Install a client that will do AD login

3) Make them connect via SSL VPN and surf through the VPN.

Steve Krall


7 REPLIES 7

L4 Transporter

I can confirm making them join AD in Snow Leopard works great. We track about 200+ Macs that way.

L4 Transporter

Hi Guys,

I am kind of facing the same issue.  Is it possible for you guys to share how you got it working?  My client is using Snow Leopard version 10.1.6 I reckon (I am not an Apple geek, hence very limited knowledge). The Mac users are turning out as "unknown" users on the User-ID agent.

Any help or guidance on this would be great.

Thanks in advance.

Kind Regards,

Kalyan

Is there really no other way other than the three options listed? We have an all Mac/Linux environment. It would be impossible to deploy a Windows AD server for this. To have 300+ users log in via a web form each time they want to get on the internet isn't really an option. We'd have the same problems requesting them to all use the SSL VPN as well, especially when they are in the office. Is there not an agent for Linux LDAP/Radius environments? Are there any plans for one?

You can get User-ID to work with OpenDirectory, but it requires a script using the XML API. That is not supported by Palo Alto Networks support, but it's worth looking at. Essentially you would take login events on your OpenDirectory server and syslog those events. Parse through the data and use the API to send those to the User-ID Agent.

Here's a popular document that a lot of folks are using:

UserID API integration using Syslog

Good luck!

Greg Wesson
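
The syslog-to-API flow described in the post above, sketched as an added example that is not part of the original thread or the linked document. Because syslog is unauthenticated, the script validates usernames and source addresses before building the User-ID XML API `uid-message` login payload. The log line format, the `example` domain, the username policy and the client subnet are assumptions, and sending the payload to the agent is left out.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed sample lines in a hypothetical "login user=<name> ip=<addr>" format;
# a real directory server's log format differs and needs its own pattern.
SAMPLE_LOG = """\
Mar  3 09:14:02 od1 authd[311]: login user=asmith ip=10.20.30.41
Mar  3 09:14:09 od1 authd[311]: login user=bjones ip=10.20.30.42
Mar  3 09:15:30 od1 authd[311]: login user=bad"name<x> ip=10.20.30.43
Mar  3 09:16:11 od1 authd[311]: login user=cdoe ip=192.0.2.77
Mar  3 09:17:45 od1 authd[311]: login user=dlee ip=10.20.30.41
"""

LOGIN_RE = re.compile(r"login user=(?P<user>\S+) ip=(?P<ip>\S+)$")
USER_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")        # assumed username policy
CLIENT_NET = ipaddress.ip_network("10.20.30.0/24")   # assumed client subnet


def parse_logins(text):
    """Return {ip: user}: latest login wins per IP, untrusted input is dropped."""
    mappings = {}
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if not m or not USER_RE.fullmatch(m["user"]):
            continue                      # not a login line, or unsafe username
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue                      # malformed address
        if ip in CLIENT_NET:              # ignore addresses we do not hand out
            mappings[str(ip)] = m["user"]
    return mappings


def build_uid_message(mappings, domain="example"):
    """Build a User-ID XML API login update; attribute values are XML-escaped."""
    entries = []
    for ip, user in sorted(mappings.items()):
        name = quoteattr(domain + "\\" + user)
        entries.append(f"<entry name={name} ip={quoteattr(ip)}/>")
    return ("<uid-message><version>1.0</version><type>update</type>"
            f"<payload><login>{''.join(entries)}</login></payload></uid-message>")


if __name__ == "__main__":
    message = build_uid_message(parse_logins(SAMPLE_LOG))
    ET.fromstring(message)                # raises if the payload is not well-formed
    print(message)
```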

I have had success with using the Exchange log monitor.  Of course that will only work if you have an internal Exchange server.  This is one reason I will not be taking our students to GMail anytime soon.

Bob

Are the Macs joined to Active Directory?
