I have come through as a requirement from one of my clients, They are using RADIUS Server for RSA authentication for globalprotect, but in USER ID they are using OpenLDAP, So in the ip-user-mapping, Whenever user connecting to globalprotect, I can see the user detecting from the GP and the only as "username", but the customer has configured a user group based policy and the user detected as "domain\username".
Due to this user traffic not hitting on the user-based policy, Is there a way we can integrate RADIUS and LDAP for globalprotect. Or any other suggestion to achieve this with another workaround.
As far as I know PA can use RADIUS user groups only in authentication profiles (checking if user belongs to certain group after succesful authentication).
For security (or any other) policies PA can only use user groups obtained from LDAP servers. So consider switching GP authentication to LDAP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!