- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-22-2014 06:55 AM
Hello
I've an issue on the PANOS 6.0.3
about enumaration of user or group in a security policy
I have to use the complete ldap syntax to found the user in the user source column
like this
and when i tried to browse directly with the select menue
I obtain this
loading but nothing appear
anybody have this issue?
10-22-2014 10:16 AM
Before that make sure you can see them in CLI with following command.
>show user group list
If it lists group than, I would suggest to restart management server once and see if that helps.
debug software restart management-server.
If that doesnt help than you might think of configuration changes.
10-22-2014 07:10 AM
Hello Gregoux,
You can refer to this document:
Cannot Pull Groups from Active Directory LDAP Server
-Also you can check if the Device>User Identification>Group Mapping Settings>Select the profile>Group Include list, if it is properly pulling the group information and if you have correct groups in the include list(if any).
-You can also try by creating a new group mapping profile to see if that fixes the issue.
-You haven't mentioned if its in panorama or local device. If its panorama, make you have properly selected the master device in the device group because that's where panorama pulls group info from that selected master device.
Regards,
Dileep
10-22-2014 08:10 AM
Hi Gregoux,
In the box type "cn=", it will pull all the groups. Basically you have to type something.
If you leave it blank than it takes more time to populate list. Which depends on management CPU of the box.
Same with the user name, you have to type user name in the box, It will pull the CN name. User name will never be auto populated like group names. You have to type something. Its by design.
Regards,
Hardik Shah
10-22-2014 09:37 AM
Hello Gregoux,
Please check if the user groups are being pulled in the CLI:
>show user group list
If it shows up there, it could be a GUI glitch. Try a different browser.
-Dileep
10-22-2014 09:41 AM
try to delete Ldap, commit then add Ldap profile again.
had similar issue but not the same.
10-22-2014 10:16 AM
Before that make sure you can see them in CLI with following command.
>show user group list
If it lists group than, I would suggest to restart management server once and see if that helps.
debug software restart management-server.
If that doesnt help than you might think of configuration changes.
10-27-2014 08:51 AM
yes I did it work's
I could list all the group but the sintax is cn=bla bla bla
but it's not enough to do it work's
10-27-2014 08:56 AM
The check box option administrator only is not involve in this case but interresting to know.
10-27-2014 09:05 AM
I downgrade the PANOS in 6.0.2 and it works just after. think if I just resart the management plane it could be works. typicaly it looks like a delay to enumerate the user and group when i tried to add a user or group in a security policy.
the command show user group -list work's, in panOS 6.0.3 and no specific entry in the release note about this.
thank you very much for all
and sorry for delay to answer.
10-27-2014 09:11 AM
Hi Gregoux,
I am glad issue is resolved finally. Release note may not have any detailed about this because it may not be a bug. And simple resource utilization issue.
Regards,
Hardik Shah
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!