This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Panorama 4.1.8 LDAP Failure

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Panorama 4.1.8 LDAP Failure

Go to solution
sitecore
Not applicable

‎09-25-2012 04:24 AM

Having upgraded our Panorama from 4.1.7 to 4.1.8 - we can no longer use the LDAP user authentication.

The user constantly gets "invalid username or password" (same message on the Panorama) - yet this worked without any problems with 4.1.7

On Panorama - one can see that in the LDAP profile - the Base option is never getting populated (dropdown option is only "none" rather than domain name).

Is this a new "feature" ?

Br

JørgeDA

Labels:
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
reaper
Cyber Elite
Cyber Elite

‎09-27-2012 12:36 AM

Hi

Please try removing the "domain" entry in the ldap/kerberos profile, this can cause issues with the actual autentication

regards

Tom

Tom Piens
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy

View solution in original post

0 Likes Likes
22 REPLIES 22

Go to solution
tstokkeland
Not applicable

‎09-25-2012 05:10 AM

I am having the exact same issue on a PA-2050 and on panorama - I am downgrading for the time being...

0 Likes Likes

Go to solution
jochristian
L4 Transporter
In response to tstokkeland

‎09-25-2012 05:32 AM

Hello,

We are having the same/similar issue on a PA-2050 and on Panorama.

The reason why I write similar is because I noticed the problem after not being able to log into the PA at all after upgrading after some time.

When I looked at the cpu usage on the PA (show system resources follow) it showed that the authd is using 100% cpu and this "blocks" all other attempts to authenticate on the PA (localusers, radius, ldap etc..).

I still had problems after downgrading to version 4.1.7, but then I noticed a error message in the systemlog regarding ldap not being able to connect to the ldap server on SSL..

I disabled SSL and changed the ldap port to 389 and everything seems to be working OK.

I have opened up a case on support (#00096705) and the issue has been escalated to TAC.

Jo Christian

/Jo Christian
0 Likes Likes

Go to solution
tstokkeland
Not applicable
In response to jochristian

‎09-25-2012 05:34 AM

just more fyi - I downgraded my pa-2050 and ldap auth (for admin login) started working again - leaving my panorama at 4.1.8 for now in hopes of a fix coming soon Smiley Happy

0 Likes Likes

Go to solution
EdwinD
L3 Networker
In response to tstokkeland

‎09-25-2012 12:31 PM

This is specifically LDAP authentication into the administrative website of the Palo Alto *only*, correct?

I am having other issues in 4.1.7 that I really need resolved and are known fixes in 4.1.8.    I use LDAP for user based rules, however my admin users are all locally defined to the PAs.   

Thanks.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks