User-ID Problem. LOGs show "machine-names" instead of "usernames"

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

User-ID Problem. LOGs show "machine-names" instead of "usernames"

L3 Networker

Hello All,

 

BOX 3020, with PANOS 8.0.9 with USER-ID problems

Some IPs are mapped to machine names... not anymore to users... 

 

admin@BRFW-3020-02(active)> show user ip-user-mapping all | match bres
172.26.20.116 vsys1 UIA XXXXXXXX\bresd11192$ 42609 42609
172.26.20.68 vsys1 UIA XXXXXXXX\bressd14056$ 43167 43167
172.26.52.36 vsys1 UIA XXXXXXXX\bresd15005$ 41989 41989
172.26.17.170 vsys1 UIA XXXXXXXX\brespd11294$ 42671 42671
172.26.20.145 vsys1 UIA XXXXXXXX\bresl14019$ 42577 42577
172.26.17.130 vsys1 UIA XXXXXXXX\brespd11355$ 42577 42577
172.26.20.61 vsys1 UIA XXXXXXXX\bressd14053$ 42757 42757
172.26.28.175 vsys1 UIA XXXXXXXX\bresl14114$ 42457 42457
172.26.13.146 vsys1 UIA XXXXXXXX\bressl15179$ 35664 35664
172.26.28.62 vsys1 UIA XXXXXXXX\bressd11218$ 43194 43194
172.26.28.151 vsys1 UIA XXXXXXXX\bressl14038$ 43037 43037
172.26.20.184 vsys1 UIA XXXXXXXX\bresd14173$ 42064 42064

 

Other IPs show up OK

172.26.50.206 vsys1 UIA XXXXXXXX\xxxxxxx.sousa 31177 31177
192.168.89.185 vsys1 UIA XXXXXXXX\xxxxxxx.bisel 25919 25919
172.26.50.222 vsys1 UIA XXXXXXXX\xxxxxx.pereira 40296 40296
172.26.8.10 vsys1 UIA XXXXXXXX\xxxxxxx.lugao 41807 41807
172.26.8.86 vsys1 UIA XXXXXXXX\xxxxxxx.silveira 41768 41768
172.26.8.32 vsys1 UIA XXXXXXXX\xxxxxxx.andrade 41293 41293
172.26.50.51 vsys1 UIA XXXXXXXX\xxxxxxx.borges 40227 40227
172.26.33.197 vsys1 UIA XXXXXXXX\xxxxxx.rojas 8057 8057
172.26.50.47 vsys1 UIA XXXXXXXX\xxxxxx.silva 42116 42116
172.26.50.126 vsys1 UIA XXXXXXXX\xxxxx.rodrigues 42881 42881
172.26.19.15 vsys1 UIA XXXXXXXX\bakman 42548 42548
172.26.8.13 vsys1 UIA XXXXXXXX\xxxxx.estrella 37654 37654
172.26.50.147 vsys1 UIA XXXXXXXX\xxxxxx.leite 41228 41228
172.26.4.162 vsys1 UIA XXXXXXXX\xxxxxx.magalhaes 42199 42199
x172.26.53.182 vsys1 UIA XXXXXXXX\xxxxxx.hmc 42412 42412
172.26.20.177 vsys1 UIA XXXXXXXX\xxxxx.silva 27856 27856

 

At Domain Controllers, UIA seems to be working fine

ScreenShot103.jpg

1 accepted solution

Accepted Solutions

Hello Tahnks for the reply, I got problem solved using the following

 

  • PAN-OS 8.0.9
  • UIA 8.0.10-7
  • Reboot all Domain Controllers
  • Disabling angentless configuration at PA boxes

 

Right now using only UIA as user ID method

View solution in original post

4 REPLIES 4

L7 Applicator

Hi @FabioGarcia

 

Did you recently update your User-ID Agent to version 8.1.0? If you answer this question with "yes", then update the version to the latest maintenance release and the problem should be gone.

Hello, thanks for the suggestion... we did the upgrade to 8.1.1 but didint solve the problem.. we still see the machine-names at our logs... "username sec rules" are not working anymore... Also, when we see logs at UIA, all the usernames seems to be OK... now, after 8.1.1 upgrade in different formats... but that doesnt reflect at PA Box...

 

 

Please update your User-ID agent to 8.1.3 and that should address the issue with machine accounts being mapped on PAN-OS versions less that 8.1

 

You'll see it listed as WINAGENT-387 in the release notes of the User-ID agent.

Hello Tahnks for the reply, I got problem solved using the following

 

  • PAN-OS 8.0.9
  • UIA 8.0.10-7
  • Reboot all Domain Controllers
  • Disabling angentless configuration at PA boxes

 

Right now using only UIA as user ID method

  • 1 accepted solution
  • 5396 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!