04-02-2019 09:00 PM
Under group mappings of LDAP i have so many AD groups.
But when i run below command
show user group list
Total: 1
1* : Custom Group
IT does not show me any group names from AD?
what is the reason for that?
Also what is difference between Custom group and AD groups in LDAP?
04-03-2019 10:35 AM
I checked user id agent LDAP proxy is not checked.
04-03-2019 10:36 AM
When i expand i can see the OU for the groups.
So OU groups should show up in the CLI or not?
04-04-2019 04:10 AM
yes they should, i can see all of mine.
were these groups pushed to the firewall via a panorama template or setup directly on the firewall.
04-04-2019 09:11 PM
These were setup directly on firewall.
Any idea what should i do next?
Thanks for your help so far.
04-05-2019 12:25 AM
i'm running out of ideas but perhaps you could go into group mapping settings and post the server profile and i will compare it with some of mine.
04-05-2019 06:06 AM
it is added
04-05-2019 06:48 AM
in your screen shot i can see you are using "group" as the object class.
this is the same as me but can you make sure you have no space or spaces after the word "group" as this also causes to display custom groups only.
also... check on AD that the any of the groups you are using have the attribute ObjectClass set to "group"
04-05-2019 03:04 PM
no there is no space in the group before and after.
can you please tell me in more detaul what i need to check from server team?
04-06-2019 02:04 AM
Give them a couple of examples of your included group names and ask them the what the attribute “ObjectClass” is for these groups.
04-08-2019 05:05 AM
ost a screen shot of ...
show user group-mapping state all
04-08-2019 12:38 PM - edited 02-09-2023 08:48 AM
senstive info
04-12-2019 05:08 PM
Can anyone answer the next step on this please?
04-15-2019 12:54 PM
Hi @MP18
Is this a firewallcluster? If yes, how does it look like on the passive node? What PAN-OS version is the firewall running? Did you try this already: reboot? Did you notice this after a change in the group mapping settings? If yes, does it show again correctly if you remove the group again?
04-15-2019 03:37 PM
yes this is active passive PA
PA 5050
PAN OS 8.0.9
I can not reboot this as it is crtical for the Corp.
I see same config in the passive PA
04-16-2019 12:39 AM
@MP18 wrote:I can not reboot this as it is crtical for the Corp.
I see same config in the passive PA
The same config and also the same output?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
