I got two AD Domains. I did the two ldap and two kerberos configs In the Authentication Sequence ch-dom ist the first one and the second is stebos. They are both kerberos profiles Users in ch-dom can authenticate. User in stebos get immediatly a auth failer. LDAP is working on both AD, I can see users and groups. In Traffic Monitor I don't see kerberos traffic to the ad server holding stebos. Whats wrong?? Mar 20 11:27:40 pan_authd_service_req(pan_authd.c:2563): Authd:Trying to remote authenticate user: testvpn Mar 20 11:27:40 pan_authd_service_auth_req(pan_authd.c:1104): AUTH Request <'vsys1','auth-sequence','testvpn'> Mar 20 11:27:40 pan_authd_handle_nonadmin_auths(pan_authd.c:2240): auth-sequence is an auth sequence Mar 20 11:27:40 pan_authd_handle_nonadmin_auths(pan_authd.c:2304): Trying auth profile #1 kerberos_profile in auth seq Mar 20 11:27:40 Error: pan_authd_get_sysd_multivsys(pan_authd.c:3409): failed to fetch: NO_MATCHES Mar 20 11:27:40 panauth:user <ch-dom\testvpn,kerberos_profile,vsys1> is not allowed Mar 20 11:27:40 User 'ch-dom\testvpn' failed authentication. Reason: User is not in allowlist From: 178.83.248.50. Mar 20 11:27:40 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:40 pan_authd_generate_system_log(pan_authd.c:833): CC Enabled=False Mar 20 11:27:40 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:40 pan_authd_handle_nonadmin_auths(pan_authd.c:2304): Trying auth profile #2 stebos in auth seq Mar 20 11:27:40 Error: pan_authd_get_sysd_multivsys(pan_authd.c:3409): failed to fetch: NO_MATCHES Mar 20 11:27:40 pan_authd_common_authenticate(pan_authd.c:1543): Authenticating user using service /etc/pam.d/pan_krb5_vsys1_stebos,username stebos\testvpn Mar 20 11:27:41 pan_authd_authenticate_service(pan_authd.c:652): authentication failed (6) Mar 20 11:27:41 authentication failed for user <vsys1,stebos,stebos\testvpn> Mar 20 11:27:41 User 'stebos\testvpn' failed authentication. Reason: Invalid username/password From: 178.83.248.50. Mar 20 11:27:41 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:41 pan_authd_generate_system_log(pan_authd.c:833): CC Enabled=False Mar 20 11:27:41 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:41 pan_authd_process_authresult(pan_authd.c:1247): pan_authd_process_authresult: testvpn authresult not auth'ed Mar 20 11:27:41 pan_authd_process_authresult(pan_authd.c:1271): Alarm generation set to: False. Mar 20 11:27:41 User 'testvpn' failed authentication. Reason: Invalid username/password From: 178.83.248.50. Mar 20 11:27:41 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:41 pan_authd_generate_system_log(pan_authd.c:833): CC Enabled=False Mar 20 11:27:41 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:41 pan_authd_service_req(pan_authd.c:2563): Authd:Trying to remote authenticate user: testvpn Mar 20 11:27:41 pan_authd_service_auth_req(pan_authd.c:1104): AUTH Request <'vsys1','auth-sequence','testvpn'> Mar 20 11:27:41 pan_authd_handle_nonadmin_auths(pan_authd.c:2240): auth-sequence is an auth sequence Mar 20 11:27:41 pan_authd_handle_nonadmin_auths(pan_authd.c:2304): Trying auth profile #1 kerberos_profile in auth seq Mar 20 11:27:41 Error: pan_authd_get_sysd_multivsys(pan_authd.c:3409): failed to fetch: NO_MATCHES Mar 20 11:27:41 panauth:user <ch-dom\testvpn,kerberos_profile,vsys1> is not allowed Mar 20 11:27:41 User 'ch-dom\testvpn' failed authentication. Reason: User is not in allowlist From: 178.83.248.50. Mar 20 11:27:41 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:41 pan_authd_generate_system_log(pan_authd.c:833): CC Enabled=False Mar 20 11:27:41 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:42 pan_authd_handle_nonadmin_auths(pan_authd.c:2304): Trying auth profile #2 stebos in auth seq Mar 20 11:27:42 Error: pan_authd_get_sysd_multivsys(pan_authd.c:3409): failed to fetch: NO_MATCHES Mar 20 11:27:42 pan_authd_common_authenticate(pan_authd.c:1543): Authenticating user using service /etc/pam.d/pan_krb5_vsys1_stebos,username stebos\testvpn Mar 20 11:27:42 pan_authd_authenticate_service(pan_authd.c:652): authentication failed (6) Mar 20 11:27:42 authentication failed for user <vsys1,stebos,stebos\testvpn> Mar 20 11:27:42 User 'stebos\testvpn' failed authentication. Reason: Invalid username/password From: 178.83.248.50. Mar 20 11:27:42 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:42 pan_authd_generate_system_log(pan_authd.c:833): CC Enabled=False Mar 20 11:27:42 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:42 pan_authd_process_authresult(pan_authd.c:1247): pan_authd_process_authresult: testvpn authresult not auth'ed Mar 20 11:27:42 pan_authd_process_authresult(pan_authd.c:1271): Alarm generation set to: True. Mar 20 11:27:42 User 'testvpn' failed authentication. Reason: Invalid username/password From: 178.83.248.50. Mar 20 11:27:42 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Mar 20 11:27:42 pan_authd_generate_system_log(pan_authd.c:833): CC Enabled=False Mar 20 11:27:42 pan_get_system_cmd_output(pan_cfg_utils.c:3043): executing: /usr/local/bin/sdb -n -r cfg.operational-mode
... View more