GlobalProtect logged in user issue

cancel
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect logged in user issue

Hello Mr.
           After changing from GlobalProtect 5.1.14 to 5.2.8 it's very noticed that added authentication user such as mydomain\myusername  just change it self to myusername only just by itself which doesn't allow it to access the resources.
Why that? Any ideas?
MR
4 REPLIES 4

Hellooo, No Ideas so far ?!

MR

L4 Transporter

Hello @MohammadRamadanA.Hafiez ,

 

Most likely the format of the username does not match.  Do you have a username or group in the security policy rule that allows access to your resources?  You can verify the format of the username via the monitor tab, but I prefer CLI.

 

Use "show user ip-user-mapping all" to verify active username format.

 

Use "show user group name [group]" to verify username format needed to match group.

 

This doc will have the fix most of the time -> https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/user-id-features/support-for-multip....

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Hello @TomYoung 

  Thank you for your reply.

I will check the link you've provided.

Firstly , yes I have policies based on users and groups that we are talking about. 

Secondly,  I have checked traffic logs and when the user-id field is mydomain\username then I know everything will be as expected  but whenever it comes username only I know it won't work as expected. 

Adding: a Cisco Duo is must to have client connected by GlobalProtect.

I will check the link it might help.

MR

Hello,

       So far and after checking many times it seems this issue occures due to GlobalProtect client fail-over the windows account and it was allowed to use windows SSO "YES" now we set it to "NO" and waiting the final result.

Capture.PNG

MR
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!