Problem with Captive Portal authenticated by User AD


Hi all,

I have a problem when I use Captive Portal authenticated by AD users.

- First, I installed the Palo Alto User Agent on the AD machine, and this worked fine. In the traffic log of the PA, I saw the AD users.

- After that, I configured Captive Portal on the PA and it works too: AD users do not need to log in to Captive Portal (CP), and users not in AD must log in via CP to use network resources. But after 30 minutes, the problem occurs: some of the users already in AD must log in via CP to use network resources too. And after one day, all of the AD users must log in via CP.

- The PAN-OS version that I use is 4.1.7 and the User Agent version is 4.1.4-3.

Has anyone met this issue? Any advice? Please help, thanks so much.


Seems like there is some issue with user-to-IP mapping. First check the User-ID agent status:

show user user-id-agent state all

Agent: usr_id(vsys: vsys1) Host: <agent-ip>:5007

        Status                                            : conn:idle(Connected to <agent-ip>(source: mgt-ip))

It should say "connected". Also, on the agent, check whether you are seeing users, and make sure the User-ID agent service is running.

One of the options that you can try is to reset the connection between the User-ID agent and the firewall:

debug user-id reset user-id-agent <name>

After the above, run "show user ip-user-mapping all". You should see all your users. This should resolve your issue. Thanks.

Thanks for your reply,

I already checked the agent status; it shows "connected". I also reset the connection, which helps, but after a period of time it happens again although the agent status is still "connected". I think this is an OS bug. Any advice?

Did you ever change the timeout settings on the User-ID client? If not, then go ahead and change the value to 120 from 45, then commit on the User-ID client. Reset the connection one more time with "debug user-id reset user-id-agent <name>", and see if the mapping is stable.


Thank you very much for your help. I think it is stable now :)
