This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Problem with domain users to log in Palo Alto's Portal

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problem with domain users to log in Palo Alto's Portal

Hientt6
Not applicable

‎03-03-2014 02:06 AM

HI all. I have the problem with domain users to log in Palo Alto's Portal. I configured as document: Admin Guide v5.0 already. However, It doesn't work correctly, domain account cannot log in. Please support me to fix this problem. Thanks

0 Likes Likes
7 REPLIES 7

_slv_
L4 Transporter

‎03-03-2014 02:30 AM

Are you using agent or agentless options od AD integration?

Please share with us screenshot of your LDAP profile (in domain field should be netbios name of your domain - this is common mistake)

Regards

Slawek

0 Likes Likes

Hientt6
Not applicable
In response to _slv_

‎03-03-2014 03:42 AM

Hi Slv,

I used agentless AD integration.

My LDAP profile Picture as below:

Palo Alto sees user accounts in domain:

However I configured domain user account to enable log on Portal of Palo Alto as below:

After that, I log in Palo Alto Portal, but error appears

This user belongs to domain.

Thanks

Regards,

0 Likes Likes

_slv_
L4 Transporter

‎03-03-2014 03:57 AM

Hi Hientt

2014-03-03_125218.png

The field with arrow is really empty?

From CLI please lunch

show user ip-user-mapping all

or

show user user-IDs match-user g10005

Did You see users from selected OU ?

Regards

SLawek

0 Likes Likes

Hientt6
Not applicable
In response to _slv_

‎03-03-2014 04:14 AM

Hi,

The field with arrow is empty.

From CLI, I typed as your comment and saw  information of user accounts:

Thanks

0 Likes Likes

_slv_
L4 Transporter
In response to Hientt6

‎03-03-2014 04:27 AM

Please put in Domain your netbios domain name, ie for contoso.local you should put there contoso

If You try to logon using contoso\g10005 what did you get in system logs related to logon process?

What version of PAN are You using?

I have 5.0.9 and in Device>Management>Authentication settings I have info "Authentication profile to use for non-local admins. Only RADIUS method is supported."

Maybe thsi is a problem?

Regards

Slawek

0 Likes Likes

Hientt6
Not applicable
In response to _slv_

‎03-03-2014 04:38 AM

Hi Slv,

I have version 5.0.8. In addition, I have domain name. For example: abc.cde.local .So What do I have to put in Domain ?

I'm from Vietnam,  so I came back home. I will try later.

Thanks

0 Likes Likes

_slv_
L4 Transporter
In response to Hientt6

‎03-03-2014 04:55 AM

That's good question, in my opinion please put abc.cde and try to logon using abc.cde\g10005.

I can recomendate for troubleshooting create security policy that will allow ie. accees for google.com only for g10005 user and You will see is it working or now.

Regards

Slawek

0 Likes Likes
  • 3902 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks