Users and group mapping

L2 Linker

Users and group mapping

Hello everybody!

Sometimes users' group memberships are not recognized by the firewall integrated user id agent. In the useridd.log we see this message:

2019-03-29 10:12:45.317 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1314): For tierkonet\adisfo user, domain tierkonet does not exist in group-mapping

It says that the domain tierkonet does not exist in the group mappi g, but it does exist, that domain was configured.

Thanks in advance for any suggestion
L7 Applicator

Re: Users and group mapping

hi @Bittereinder 


Group memberships are fetched through the ldap server profile, not through the User-ID agent

Did you configure the group mapping (device > User-ID > group mapping) to include a domain?

reaper -
I drink and I know things
L2 Linker

Re: Users and group mapping

Hello, Reaper,


I've taken a look with show user group-mapping state all

 and I see: Number of groups: 1570 

A domain is configured, and I see one group mapping of type "active-directory".


What else should I look at?



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!