02-26-2015 12:48 AM
Hey Guys,
I am installing a new PA at a customer who has a Samba domain instead of an AD domain.
I should point out that I know little about Samba.
Question is: how can I implement UserID?
* With the UserID agent -> This will not work, since the agent is only AD-based, and since Samba does not have any security logs from which to read.
* With Captive Portal -> This will work, but is quite intrusive and is only for browser-based traffic. Extra question: could I configure it to use NTLM? Not sure how authentication works in a Samba domain.
* With the GlobalProtect client + an internal Gateway -> This will work, but does require an extra license.
* Using some form of custom script + the API -> This should work as well, but then we will have the hassle of supporting a custom script. Extra question: has anybody made something like this and care to share?
* Any other ideas?
Thanks for the feedback
08-19-2015 12:43 AM
The other possibility would be to extract the user information you need from syslog messages, which you could send directly to the firewall.
Or, if you don't want to send syslog directly to the firewall or you do not want to allow connections to the firewall API, you could use the User-ID agent as a kind of proxy. This agent also provides the User-ID XML API and the syslog receiver feature. After that, you could configure this agent on the firewall, and the firewall will get all the required information from the agent(s).
Regarding the script: I made some tests with a PowerShell script which parses a log file continuously and puts the information onto the firewall over the XML API.
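The log-parsing half of the script-plus-API approach discussed above, as an added example that is not part of any poster's message and not Palo Alto Networks code. It assumes Samba logs connects through `vfs_full_audit` with `full_audit:prefix = %u|%I`, uses a placeholder domain `corp`, and runs on constructed log lines; usernames and addresses are validated before they go into the `uid-message`, because both fields originate from clients.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample lines. Assumed format: vfs_full_audit over syslog with
# "full_audit:prefix = %u|%I", i.e. user|ip|operation|result|share.
SAMPLE_LOG = """\
Feb 26 09:14:02 fs01 smbd_audit: alice|10.20.0.15|connect|ok|projects
Feb 26 09:14:09 fs01 smbd_audit: bob|10.20.0.22|connect|fail (NT_STATUS_ACCESS_DENIED)|finance
Feb 26 09:15:40 fs01 smbd_audit: mal<formed|10.20.0.31|connect|ok|projects
Feb 26 09:16:11 fs01 smbd_audit: dave|10.20.0.15|connect|ok|home
Feb 26 09:16:30 fs01 smbd_audit: erin|not-an-ip|connect|ok|home
Feb 26 09:17:05 fs01 smbd_audit: grace|10.20.0.40|connect|ok|home
"""

LINE_RE = re.compile(r"smbd_audit: (?P<user>[^|]*)\|(?P<ip>[^|]*)\|connect\|ok\|")
# Allowlist for account names; this also drops machine accounts ending in "$".
USER_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

def parse_logins(log_text, domain):
    """Return {ip: 'domain\\user'} for successful connects; latest login per IP wins."""
    mappings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not USER_RE.fullmatch(m["user"]):
            continue  # failed connect, other operation, or suspicious username
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue  # never forward an unparsable address to the firewall
        mappings[ip] = f"{domain}\\{m['user']}"
    return mappings

def build_uid_message(mappings, timeout=45):
    """Build the User-ID XML API login payload; timeout value is an assumption."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    login = ET.SubElement(ET.SubElement(root, "payload"), "login")
    for ip, user in sorted(mappings.items()):
        ET.SubElement(login, "entry", name=user, ip=ip, timeout=str(timeout))
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(build_uid_message(parse_logins(SAMPLE_LOG, "corp")))
```

The resulting XML is what gets submitted to the firewall or User-ID agent as the `cmd` of a `type=user-id` API request; use an API key scoped to User-ID only and keep certificate verification on for that connection.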
08-19-2015 04:22 AM
Just a quick comment to the first post here. With 7.0 now released, you can now set up a GlobalProtect internal gateway without any additional license.
06-01-2018 10:21 AM
Hi!
Could you solve it?
03-31-2023 05:00 AM
For those who got this far trying to integrate authentication with Samba, perhaps this article will help you. Try integrating through syslog:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRhCAK