I am installing a new PA at a customer who has a Samba domain instead of an AD domain.
I should point out that I know little about Samba.
Question is: how can I implement UserID?
* With the UserID agent -> This will not work, since the agent is only AD based, and since Samba does not have any security logs from which to read.
* With Captive Portal -> This will work, but is quite intrusive and is only for browser based traffic. Extra question: could I configure it to use NTLM? Not sure how authentication works in a Samba domain.
* With the GlobalProtect client + and internal Gateway -> This will work, but does require an extra license.
* Using some form of custom script + the API -> This should work as well, but then we will have the hassle of supporting a custom script. Extra question: anybody has made something like this and care to share?
* Any other ideas?
Thanks for the feedback
The other possibility would be if you extract the user information you need from syslog messages which you could send directly to the firewall.
Or if you don't want to send syslog directly to the firewall or you do not want to allow connections to the Firewall API you could use the user-id-agent as kind of a proxy. This agent does also provide the User-ID XML API and the syslog receiver feature. After that you could configure this agent on the firewall and the firewall will get all the required information from this agent(s).
With the script: there I made some tests with a powershell script which parses a log file continuously and puts the information onto the firewall over the xml api.
Just a quick comment to the first post here. With 7.0 now released, you can now setup Global Protect internal gateway without any additional license.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!