04-16-2018 10:34 AM
Hello.
AD integration using the User-ID agent. We were on 8.0.7-2 and things were working fine.
I tried upgrading to version 8.1.0-66 and had several problems with wrong user-id being reported. I saw in the release notes for 8.1:
• Since multiple username attributes are supported, you must select the Primary
Username attribute that you want to use for user identification.
• Previously, the firewall normalized usernames received from User-ID sources (such
as an LDAP directory) to the domain\username format. In PAN-OS® 8.1, when the
Primary Username is in UPN format, it will not be normalized as in previous PAN-OS
versions. As a result, usernames
My question is if I use the new agent, how can I get my username to show up as
domain\userid
again?
When I tried 8.1.0-66 I was seeing usernames as
domain@username
and
MACHINENAME$
All my rules broke.
To correct quickly, I reverted back to the older user-id version.
Thanks,
Dannon
