For details on cookie usage on our site, read our Privacy Policy
problem with group membership display in PAOS 5.0
- LIVEcommunity
- Discussions
- General Topics
- Re: problem with group membership display in PAOS 5.0
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
problem with group membership display in PAOS 5.0
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-06-2013 10:57 PM
I use the command :"show user group name domain \domain users" , the response from the firewall is :"User group 'domain\domain users' does not exist or does not have members" .
The domain users is the default group for the new user, I think maybe some error for the group membership display in the PA firewall. The PAOS version I used is the 5.0.8
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-06-2013 11:55 PM
I also try to use "show user group name "cn=domain users,cn=users,dc=xxx,dc=local", The same error prompt :User group 'cn=domain users,cn=users,dc=xxx,dc=local' does not exist or does not have members. I am sure some users are included in this group.
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2013 08:05 AM
Hello ZongguoWei,
If you don't have many user-groups, could you please provide me the output for
> show user group list
> show user group-mapping state all
Thanks and regards,
Kunal Adak
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2013 06:03 PM
Hello,
Please follow this document and ensure the device is correctly configured to pull groups from the Ldap server.
How to Configure Group Mapping settings?
CLI commands to check the groups retrieved and connection to the LDAP server:
> show user group-mapping state all //shows the connection to ldap server and must show the 'domain users' group retrieved.
Thanks,
Aditi
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2013 11:03 PM
Hi, The follow message:
show user group list
cn=administrators,cn=builtin,dc=xxx,dc=local
cn=domain admins,cn=users,dc=xxx,dc=local
cn=users,cn=builtin,dc=xxx,dc=local
cn=webaccess,ou=slls- user groups,dc=xxx,dc=local
cn=fullinternetaccess,ou=xxx- user groups,dc=xxx,dc=local
cn=domain users,cn=users,dc=xxx,dc=local
cn=guests,cn=builtin,dc=xxx,dc=local
cn=domain guests,cn=users,dc=xxx,dc=local
cn=dnsadmins,cn=users,dc=xxx,dc=local
I have marked the real domail information and replaced with xxx.
Also:
show user group-mapping state all
Group Mapping(vsys1, type: active-directory): xxx
Bind DN : xxx@xxx.LOCAL
Base : DC=xxx,DC=LOCAL
Group Filter: (None)
User Filter: (None)
Servers : configured 2 servers
10.227.1.1(389)
Last Action Time: 29 secs ago(took 0 secs)
Next Action Time: In 31 secs
10.227.1.2(389)
Number of Groups: 7
cn=users,cn=builtin,dc=xxx,dc=local
cn=guests,cn=builtin,dc=xxx,dc=local
cn=domain users,cn=users,dc=xxx,dc=local
cn=domain admins,cn=users,dc=xxx,dc=local
cn=domain guests,cn=users,dc=xxx,dc=local
cn=dnsadmins,cn=users,dc=xxx,dc=local
cn=administrators,cn=builtin,dc=xxx,dc=local
I want to know what's the action when I use the command :"debug user-id refresh/reset group-mapping all " ?
- Some users not able to connect to GlobalProtect in GlobalProtect Discussions
- A new comment has been added on a case [Case#: 02407876] - Unable to log into Support Portal in General Topics
- Use IP filter in ACC Report,but show "No data to display" in General Topics
- AIOps for NGFW Best Practice Report in AIOps for NGFW Discussions
- Cortex XDR block explorer.exe, network interfaces and other programs - PC (Windows) isn't usable in Cortex XDR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
