PAN-Agent - Domain on User-ID

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PAN-Agent - Domain on User-ID

L1 Bithead

How can I remove the Domain information from the User information?

Domain/UserID to just UserID.

I notice that I am getting this information from the PAN-Agent and the Terminal-Agent.

Reason:  I am also using LDAP Authentication for SSL-VPN/Admin which does not use the Domain information so I have to add the user account manually to to the Allow-List on the Authentication Profile instead of using the information from the PAN-Agent User list.

1 accepted solution

Accepted Solutions

L4 Transporter

hello Blacksan,

there isn't a way to strip off  the domain information from the user information gathered from the User identification via the Paloalto device. You would have to do this manually outside of the Pan device (perhaps via a word editor) then manually import the altered list back into the allow list for the authentication profile.

View solution in original post

3 REPLIES 3

L4 Transporter

hello Blacksan,

there isn't a way to strip off  the domain information from the user information gathered from the User identification via the Paloalto device. You would have to do this manually outside of the Pan device (perhaps via a word editor) then manually import the altered list back into the allow list for the authentication profile.

ok, how about reverse the question.

LDAP Authentication vs RADIUS Authentication.

Under Radius, we have the option to add the domain so we can use the PAN-Agent information for authentication & policy.

Do we have the same options under LDAP hidden somewhere?

You do have this ability. The LDAP server object includes a Domain field. This field will be used by the firewall to match users enumerated from LDAP with users mapped via the TS agent or the AD agent.

Nick

  • 1 accepted solution
  • 3390 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!