Group memberships are fetched through the ldap server profile, not through the User-ID agent
Did you configure the group mapping (device > User-ID > group mapping) to include a domain?
I've taken a look with show user group-mapping state all
and I see: Number of groups: 1570
A domain is configured, and I see one group mapping of type "active-directory".
What else should I look at?
Hey @Bittereinder ,
Did you solve this one? I saw similar logs on my firewall.
2020-11-20 16:08:01.115 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1295): For alex user, user-domain is not present in group-mapping 2020-11-20 16:08:01.115 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1295): For sash user, user-domain is not present in group-mapping
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!