Users and group mapping

Reply
L2 Linker

Users and group mapping

Hello everybody!


Sometimes users' group memberships are not recognized by the firewall integrated user id agent. In the useridd.log we see this message:


2019-03-29 10:12:45.317 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1314): For tierkonet\adisfo user, domain tierkonet does not exist in group-mapping

It says that the domain tierkonet does not exist in the group mappi g, but it does exist, that domain was configured.


Thanks in advance for any suggestion
L7 Applicator

hi @Bittereinder 

 

Group memberships are fetched through the ldap server profile, not through the User-ID agent

Did you configure the group mapping (device > User-ID > group mapping) to include a domain?

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
L2 Linker

Hello, Reaper,

 

I've taken a look with show user group-mapping state all

 and I see: Number of groups: 1570 

A domain is configured, and I see one group mapping of type "active-directory".

 

What else should I look at?

Thanks!

 

L4 Transporter

Hey @Bittereinder ,

 

Did you solve this one? I saw similar logs on my firewall.

 

2020-11-20 16:08:01.115 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1295): For alex user, user-domain is not present in group-mapping
2020-11-20 16:08:01.115 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1295): For sash user, user-domain is not present in group-mapping
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!