User is not in allowlist


L1 Bithead

Running PAN 2020 v3.1.4 using LDAP authentication with eDirectory. I have a userid that will not authenticate via Captive portal. I am seeing a "User is not in allowlist" error in the System Log.

I have verified that the userid in question is in Server group. That Server Group is referenced by a Security policy as the source User. I have verified using "show user ldap-server server all" that the username in question does appear in the list on the paloalto.

As an FYI this same userid authenticates fine via the ldap agent.  If I run a show user ip-user-mapping for the IP address of a system that is logged in via the agent it correctly shows the userid as being in the group called out by a security policy.

At this point, I am not seeing what is holding this up.  If that userid has logged in via the agent already on another box, would that somehow prevent that userid from logging in via captive portal on another system?

What should I be checking to troubleshoot this problem?

Thanks.

3 REPLIES

L4 Transporter

Hi There,

You need to edit the allow list.  These links should answer your problem:

https://live.paloaltonetworks.com/message/1779#1779

https://live.paloaltonetworks.com/message/3103#3103

Thanks

James

Not applicable

Can you try adding the user directly to the allowlist instead of using the group?  Not permanently, but just to ensure that the general mapping is working.  If that works, then it's something to do with group enumeration.

Tariq

I got the problem resolved.   This particular userid had not been added to the group referenced by the Authentication policy. Once added, it began working. 

This is a new installation and I simply forgot that the Authentication policy references an LDAP group.
