PAN-Agent - Domain on User-ID

Reply
Highlighted
L1 Bithead

PAN-Agent - Domain on User-ID

How can I remove the Domain information from the User information?

Domain/UserID to just UserID.

I notice that I am getting this information from the PAN-Agent and the Terminal-Agent.

Reason:  I am also using LDAP Authentication for SSL-VPN/Admin which does not use the Domain information so I have to add the user account manually to to the Allow-List on the Authentication Profile instead of using the information from the PAN-Agent User list.


Accepted Solutions
Highlighted
L4 Transporter

hello Blacksan,

there isn't a way to strip off  the domain information from the user information gathered from the User identification via the Paloalto device. You would have to do this manually outside of the Pan device (perhaps via a word editor) then manually import the altered list back into the allow list for the authentication profile.

View solution in original post


All Replies
Highlighted
L4 Transporter

hello Blacksan,

there isn't a way to strip off  the domain information from the user information gathered from the User identification via the Paloalto device. You would have to do this manually outside of the Pan device (perhaps via a word editor) then manually import the altered list back into the allow list for the authentication profile.

View solution in original post

Highlighted
L1 Bithead

ok, how about reverse the question.

LDAP Authentication vs RADIUS Authentication.

Under Radius, we have the option to add the domain so we can use the PAN-Agent information for authentication & policy.

Do we have the same options under LDAP hidden somewhere?

Highlighted
L2 Linker

You do have this ability. The LDAP server object includes a Domain field. This field will be used by the firewall to match users enumerated from LDAP with users mapped via the TS agent or the AD agent.

Nick

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!