Problems with user mapping

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problems with user mapping

L0 Member

Hello.

I have a little problem with user-ip mapping i have instaled PAN Agent on a server configured it and started from what i can see it reads security logs and from there maps ip to a user. Those logs presents users as shortdomainname\user. The problem is when device have to compare it to a LDAP mapped groups where users are identified as long.domain.name\user. This way i cant use proper url-fitering using users - group association. is there any way to configure ldap to use shortdomainname or PAN agent to extend shortdoaminname to long.domain.name.

I`m using os 4.1.6 and agent 4.1.4-3.

1 accepted solution

Accepted Solutions

L5 Sessionator

Hello,

You may have your LDAP server profile configured with the FQDN domain name instead of the NETBIOS name.

The domain field for the LDAP server profile should have the NETBIOS name. Anything in this field gets prepended to the user's name.

For instance, if your domain is testdomain.com, the domain field should be:

testdomain

Here are two great documents to read over for UserID related issues and configuration in 4.1:

https://live.paloaltonetworks.com/docs/DOC-2132

https://live.paloaltonetworks.com/docs/DOC-3120

Please let me know if this helps.

-Jason

View solution in original post

2 REPLIES 2

L5 Sessionator

Hello,

You may have your LDAP server profile configured with the FQDN domain name instead of the NETBIOS name.

The domain field for the LDAP server profile should have the NETBIOS name. Anything in this field gets prepended to the user's name.

For instance, if your domain is testdomain.com, the domain field should be:

testdomain

Here are two great documents to read over for UserID related issues and configuration in 4.1:

https://live.paloaltonetworks.com/docs/DOC-2132

https://live.paloaltonetworks.com/docs/DOC-3120

Please let me know if this helps.

-Jason

Yes it worked thank You very much

  • 1 accepted solution
  • 2968 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!