show user group list - Shows custom group only

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

show user group list - Shows custom group only

Cyber Elite
Cyber Elite

Under group mappings of LDAP i have so many AD groups.

 

But when i run below command 

 

show user group list


Total: 1
1* : Custom Group

 

IT does not show me any group names from AD?

what is the reason for that?

 

Also what is difference between Custom group and AD groups in LDAP?

MP

Help the community: Like helpful comments and mark solutions.
30 REPLIES 30

I checked user id agent LDAP proxy is not checked.

MP

Help the community: Like helpful comments and mark solutions.

When i expand i can see the OU for the groups.

So OU groups should show up in the CLI or not?

MP

Help the community: Like helpful comments and mark solutions.

yes they should, i can see all of mine.

 

were these groups pushed to the firewall via a panorama template or setup directly on the firewall. 

These were setup directly on firewall.

Any idea what should i do next?

 

Thanks for your help so far.

MP

Help the community: Like helpful comments and mark solutions.

i'm running out of ideas but perhaps you could go into group mapping settings and post the server profile and i will compare it with some of mine.

it is added

MP

Help the community: Like helpful comments and mark solutions.

in your screen shot i can see you are using "group" as the object class.

 

this is the same as me but can you make sure you have no space or spaces after the word "group" as this also causes to display custom groups only.

 

also... check on AD that the any of the groups you are using have the attribute ObjectClass set to "group" 

no there is no space in the group before and after.

can you please tell me in more detaul what i need to check from server team?

MP

Help the community: Like helpful comments and mark solutions.

Give them a couple of examples of your included group names and ask them the what the attribute “ObjectClass” is for these groups.

ost a screen shot of ...

 

show user group-mapping state all

senstive info

MP

Help the community: Like helpful comments and mark solutions.

Can anyone answer the next step on this please?

MP

Help the community: Like helpful comments and mark solutions.

L7 Applicator

Hi @MP18 

 

Is this a firewallcluster? If yes, how does it look like on the passive node? What PAN-OS version is the firewall running? Did you try this already: reboot? Did you notice this after a change in the group mapping settings? If yes, does it show again correctly if you remove the group again?

yes this is active passive PA

 

PA 5050

 

PAN  OS  8.0.9

 

I can not reboot this as it is crtical for the Corp.

I see same config in the passive PA

 

MP

Help the community: Like helpful comments and mark solutions.

L7 Applicator

@MP18 wrote:

I can not reboot this as it is crtical for the Corp.

I see same config in the passive PA


The same config and also the same output?

  • 7442 Views
  • 30 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!