- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-08-2024 03:31 AM
I finally solved with the official technical support. In my case we just enabled the logging with the following CLI command
debug software logging-level set level dump service rasmgr
and we could show the not matching happening.
In our case, the culprit was a misconfiguration we had in our Group Mapping settings.
DEVICE --> User Identification --> Group Mapping Seeting-->Server Profile--> Domain Setting -->User Domain . Here I had some short version of our domain name. I just left this setting empty so by default is extracting the domain value from the user name.
some info
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/user-identification/device-u... [docs.paloaltonetworks.com]
I hope it helps.