I have a problem when I use Captive Portal authenticated by AD user.
- First, I installed the Palo Alto User Agent on the AD machine; this worked fine. In the traffic log of the PA, I saw the AD users.
- After that, I configured Captive Portal on the PA and it works too: AD users do not need to log in to Captive Portal (CP), and users not in AD must log in via CP to use network resources. But after 30 minutes, the problem occurs: some of the users already in AD must log in via CP to use network resources too. And after one day, all of the AD users must log in via CP.
- The PAN-OS version that I use is 4.1.7 and the User Agent version is 4.1.4-3.
Has anyone met this issue? Any advice? Please help, thanks so much.
Seems like there is some issue with user-to-IP mapping. First, check the User-ID agent status:
show user user-id-agent state all
Agent: usr_id(vsys: vsys1) Host: <agent-ip>:5007
Status : conn:idle(Connected to <agent-ip>(source: mgt-ip))
It should say "connected". Also, on the agent, check whether you are seeing users, and make sure the User-ID agent service is running.
One of the options that you can try is to reset the connection between the User-ID agent and the firewall:
debug user-id reset user-id-agent <name>
After the above, run "show user ip-user-mapping all". You should see all your users. This should resolve your issue. Thanks.