08-17-2011 07:40 AM
We use the pan-agent installed on a DC to read out the users of some AD groups. Works fine so far. The only problem we have is that if a user is removed from an AD group, I always have to run the "clear uid-gids-cache" command on the device to get the user removed from the PAN cache.
The pan-agent doesn't show the removed user any more and a "show user pan-agent user-IDs" also doesn't show the user, so it must be in cache.
Is there a way to automate that process or is there a way to set the uid-gids-cache timeout on the device?
Device is a PA500 with PAN 4.0.4