For details on cookie usage on our site, read our Privacy Policy
Problem with domain users to log in Palo Alto's Portal
- LIVEcommunity
- Discussions
- General Topics
- Problem with domain users to log in Palo Alto's Portal
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Problem with domain users to log in Palo Alto's Portal
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-03-2014 02:06 AM
HI all. I have the problem with domain users to log in Palo Alto's Portal. I configured as document: Admin Guide v5.0 already. However, It doesn't work correctly, domain account cannot log in. Please support me to fix this problem. Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-03-2014 02:30 AM
Are you using agent or agentless options od AD integration?
Please share with us screenshot of your LDAP profile (in domain field should be netbios name of your domain - this is common mistake)
Regards
Slawek
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-03-2014 03:42 AM
Hi Slv,
I used agentless AD integration.
My LDAP profile Picture as below:
Palo Alto sees user accounts in domain:
However I configured domain user account to enable log on Portal of Palo Alto as below:
After that, I log in Palo Alto Portal, but error appears
This user belongs to domain.
Thanks
Regards,
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-03-2014 03:57 AM
Hi Hientt
The field with arrow is really empty?
From CLI please lunch
show user ip-user-mapping all
or
show user user-IDs match-user g10005
Did You see users from selected OU ?
Regards
SLawek
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-03-2014 04:14 AM
Hi,
The field with arrow is empty.
From CLI, I typed as your comment and saw information of user accounts:
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-03-2014 04:27 AM
Please put in Domain your netbios domain name, ie for contoso.local you should put there contoso
If You try to logon using contoso\g10005 what did you get in system logs related to logon process?
What version of PAN are You using?
I have 5.0.9 and in Device>Management>Authentication settings I have info "Authentication profile to use for non-local admins. Only RADIUS method is supported."
Maybe thsi is a problem?
Regards
Slawek
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-03-2014 04:38 AM
Hi Slv,
I have version 5.0.8. In addition, I have domain name. For example: abc.cde.local .So What do I have to put in Domain ?
I'm from Vietnam, so I came back home. I will try later.
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-03-2014 04:55 AM
That's good question, in my opinion please put abc.cde and try to logon using abc.cde\g10005.
I can recomendate for troubleshooting create security policy that will allow ie. accees for google.com only for g10005 user and You will see is it working or now.
Regards
Slawek
- LSVPN Satellite fails to authenticate in General Topics
- Global Protect credential error for mutual domain but seperate active directory in GlobalProtect Discussions
- Captive portal 403 forbidden in General Topics
- Prisma access blocking bing.com integrated chatgpt. in General Topics
- Global Protect on Windows 11 Home edition ARM Processor in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
