This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About snormoyle

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
snormoyle
‎08-18-2015
since ‎06-02-2011
Not applicable
User Activity
User Profile
Latest posts by snormoyle
View All
User Badges
Community Statistics
Member Since ‎06-02-2011 03:25 AM
Date Last Visited ‎08-18-2015 09:07 AM
Posts 28

Re: LDAP authentication for CLI

by in General Topics
‎09-26-2012 03:43 AM
‎09-26-2012 03:43 AM
I did it and you can see where it has issues, just don't understand it yet. dmin@ssca-pa-01> tail follow yes mp-log authd.log ****OUTPUT FROM CLI AUTHENTICATION*********************** Sep 26 06:17:11 pan_authd_service_req(pan_authd.c:2604): Authd:Trying to remote authenticate user: alt.steven.normoyle Sep 26 06:17:11 pan_authd_service_auth_req(pan_authd.c:1115): AUTH Request <'','','alt.steven.normoyle'> Sep 26 06:17:11 alt.steven.normoyle admin is being authed Sep 26 06:17:11 pan_authd_handle_admin_auths(pan_authd.c:1968): Using auth prof mgt-auth for admin alt.steven.normoyle Sep 26 06:17:11 pan_authd_handle_admin_auths(pan_authd.c:2022): shared/mgt-auth is auth prof is of type (auth profile) Sep 26 06:17:11 Error: pan_authd_get_sysd_multivsys(pan_authd.c:3527): failed to fetch: NO_MATCHES Sep 26 06:17:11 pan_authd_common_authenticate(pan_authd.c:1511): Authenticating user using service /etc/pam.d/pan_ldap_shared_mgt-auth_0,username alt.steven.normoyle Sep 26 06:17:11 pan_authd_authenticate_service(pan_authd.c:663): authentication failed (6) Sep 26 06:17:11 pan_authd_common_authenticate(pan_authd.c:1531): Authenticating user using service /etc/pam.d/pan_ldap_shared_mgt-auth_0,username alt.steven.normoyle failed - trying other hosts Sep 26 06:17:11 pan_authd_common_authenticate(pan_authd.c:1511): Authenticating user using service /etc/pam.d/pan_ldap_shared_mgt-auth_1,username alt.steven.normoyle Sep 26 06:17:11 pan_authd_authenticate_service(pan_authd.c:663): authentication failed (6) Sep 26 06:17:11 pan_authd_common_authenticate(pan_authd.c:1531): Authenticating user using service /etc/pam.d/pan_ldap_shared_mgt-auth_1,username alt.steven.normoyle failed - trying other hosts Sep 26 06:17:11 pan_authd_common_authenticate(pan_authd.c:1506): Skipping LDAP server due to missing Auth-Profile: pan_ldap_shared_mgt-auth_2 Sep 26 06:17:11 pan_authd_common_authenticate(pan_authd.c:1506): Skipping LDAP server due to missing Auth-Profile: pan_ldap_shared_mgt-auth_3 Sep 26 06:17:11 authentication failed for user <shared,mgt-auth,alt.steven.normoyle> Sep 26 06:17:11 pan_authd_process_authresult(pan_authd.c:1258): pan_authd_process_authresult: alt.steven.normoyle authresult not auth'ed Sep 26 06:17:11 pan_authd_process_authresult(pan_authd.c:1282): Alarm generation set to: False. Sep 26 06:17:11 User 'alt.steven.normoyle' failed authentication.  Reason: Invalid username/password From: ssca-lt-04.nmed.ds.med.navy.mil. Sep 26 06:17:11 pan_get_system_cmd_output(pan_cfg_utils.c:3056): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Sep 26 06:17:12 pan_authd_generate_system_log(pan_authd.c:844): CC Enabled=False Sep 26 06:17:12 pan_get_system_cmd_output(pan_cfg_utils.c:3056): executing: /usr/local/bin/sdb -n -r cfg.operational-mode *************OUTPUT FROM WEB GUI AUTHENTICATION************************************** Sep 26 06:17:55 pan_authd_service_req(pan_authd.c:2604): Authd:Trying to remote authenticate user: alt.steven.normoyle Sep 26 06:17:55 pan_authd_service_auth_req(pan_authd.c:1115): AUTH Request <'','','alt.steven.normoyle'> Sep 26 06:17:55 alt.steven.normoyle admin is being authed Sep 26 06:17:55 pan_authd_handle_admin_auths(pan_authd.c:1968): Using auth prof mgt-auth for admin alt.steven.normoyle Sep 26 06:17:55 pan_authd_handle_admin_auths(pan_authd.c:2022): shared/mgt-auth is auth prof is of type (auth profile) Sep 26 06:17:55 Error: pan_authd_get_sysd_multivsys(pan_authd.c:3527): failed to fetch: NO_MATCHES Sep 26 06:17:55 pan_authd_common_authenticate(pan_authd.c:1511): Authenticating user using service /etc/pam.d/pan_ldap_shared_mgt-auth_0,username alt.steven.normoyle Sep 26 06:17:55 pan_authd_authenticate_service(pan_authd.c:663): authentication succeeded (0) Sep 26 06:17:55 pan_authd_authenticate_service(pan_authd.c:669): account is valid Sep 26 06:17:55 pan_get_passwd_expiry(pan_authd_passwd.c:778): Using /etc/openldap/pan_ldap_shared_mgt-auth_0 to get password info Sep 26 06:17:55 pan_get_ldap_ip(pan_authd_passwd.c:120): Reading file /etc/openldap/pan_ldap_shared_mgt-auth_0 Sep 26 06:17:55 pan_authd_bind(pan_authd_passwd.c:244): binding with binddn CN=SSCA.PA.SVC,OU=Service Sep 26 06:17:55 Error: pan_authd_bind(pan_authd_passwd.c:271): bind failed (extracted from parsed bind result) (Invalid credentials) (80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1) Sep 26 06:17:55 pan_authd_ldap_search_result(pan_authd_passwd.c:357): searching base 'DC=nmed,DC=ds,DC=med,DC=navy,DC=mil' for (sAMAccountName=alt.steven.normoyle) (userAccountControl) Sep 26 06:17:55 Error: pan_authd_ldap_search_result(pan_authd_passwd.c:419): search failed 1 (Operations error) (000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1) Sep 26 06:17:55 pan_get_ad_passwd_expiry(pan_authd_passwd.c:679): failed to search userAccountControl Sep 26 06:17:55 Error: pan_get_passwd_expiry(pan_authd_passwd.c:793): Failed to get expiry info for alt.steven.normoyle Sep 26 06:17:55 authentication succeeded for user <shared,mgt-auth,alt.steven.normoyle> useradd: unable to lock password file usermod: user alt.steven.normoyle does not exist usermod: user alt.steven.normoyle does not exist Sep 26 06:17:56 pan_authd_process_authresult(pan_authd.c:1258): pan_authd_process_authresult: alt.steven.normoyle authresult auth'ed Sep 26 06:17:56 Request received to unlock shared/mgt-auth/alt.steven.normoyle Sep 26 06:17:56 User 'alt.steven.normoyle' authenticated.   From: 192.207.231.8. Sep 26 06:17:56 pan_get_system_cmd_output(pan_cfg_utils.c:3056): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Sep 26 06:17:56 pan_authd_generate_system_log(pan_authd.c:844): CC Enabled=False Sep 26 06:17:56 pan_get_system_cmd_output(pan_cfg_utils.c:3056): executing: /usr/local/bin/sdb -n -r cfg.operational-mode Sep 26 06:17:56 pan_authd_service_req(pan_authd.c:2610): Authd:get group request Sep 26 06:17:56 pan_authd_handle_group_req(pan_authd.c:2561): Got user role/adomain / for user alt.steven.normoyle ... View more

Re: User Agent

by in General Topics
‎09-26-2012 03:39 AM
‎09-26-2012 03:39 AM
Got it fixed, I appreciate the help.  Issue was that the account used was a regular user account.  I changed it to use the local service account and it started working. ... View more

User Agent

by in General Topics
‎09-25-2012 10:00 AM
‎09-25-2012 10:00 AM
Installed the user agent on a windows 2003 server.  every time you try to start the service you get the windows box stating the service was started, but then stopped. ... View more

Re: LDAP authentication for CLI

by in General Topics
‎09-25-2012 09:59 AM
‎09-25-2012 09:59 AM
that is correct. ... View more

LDAP authentication for CLI

by in General Topics
‎09-25-2012 08:58 AM
‎09-25-2012 08:58 AM
I got LDAP authentication working so that when logging into the Web GUI the microsoft active directory accounts works with no problems.  When a user logs into the CLI and tries using their LDAP account the system log shows invalid username/password.  the username syntax is <title>.<firstname>.<lastname>. ... View more

Administrator Accounts

by in General Topics
‎09-21-2012 08:09 AM
‎09-21-2012 08:09 AM
When I create new administrator accounts the accounts cannot login.  The palo alto system logs shows invalid username/password, but the name and password are being typed correctly.  anybody have any ideas why. ... View more

Re: Vwire NAT

by in General Topics
‎07-11-2012 03:56 AM
‎07-11-2012 03:56 AM
Vwire in PAN OS 4.1 can do NAT.  In order to get it to work need to have the PAN device setup between two layer 3 devices so that all those ARP broadcast get blocked so as not to confuse the devices on what MAC belongs to what IP since the PAN device in transparent mode will pass the traffic if the rules are "permit any" in both directions. ... View more

Re: VWire

by in General Topics
‎07-11-2012 03:20 AM
‎07-11-2012 03:20 AM
The "design" documentation states as a vwire disadvantage "cannot perform any layer 3 functionality on the device, such at NAT or routing" with a side note that starting in PAN OS 4.1 NAT is possible in a vwire configuration.  I have been trying to get layer3 to work on a PA200 with no success.  Ports 1 and 2 are in the vwire, so trying to get ports 3 and 4 to work, but after configuring the ports for L3 and creating a route the devices connected to ports 3 and 4 cannot get out to the internet. ... View more

VWire

by in General Topics
‎07-10-2012 08:10 AM
‎07-10-2012 08:10 AM
I have configure a 2050 in a vwire configuration can I still utilize layer3 on the device.  From what I have been reading if I configure PAN device for vwire then the device cannot due any layer3 funcationality. ... View more

Vwire NAT

by in General Topics
‎07-05-2012 03:50 PM
‎07-05-2012 03:50 PM
I am trying to setup NAT with vwire.  According to Palo Alto this is possible with PAN OS 4.1 and I am on PAN OS 4.1.6.  I have setup NAT with L3 on the PAN devices so I have an idea on how to do this setup.  When I setup NAT policy on the PAN device with vwire I see the traffic in the monitoring tab getting NATT'ed but I still cannot browse the web.  When I disable the NAT policy then I can access the web. Any thoughts. ... View more

PA 200 Device

by in General Topics
‎07-04-2012 03:52 AM
‎07-04-2012 03:52 AM
I am trying to create L3 subinterfaces on a PA200.  I get through the whole process (create subinterfaces (untagged), create zones, policies, etc, etc) I can ping new L3 interface from devices on the new L3 subnet, but that is it.  Is this a PA200 device limitation? ... View more

SSH Tunnels

by in General Topics
‎01-25-2012 03:42 AM
‎01-25-2012 03:42 AM
I know in order to look inside the SSH traffic to see if someone is doing SSH Tunnels you need to decrypt the SSH session. I am looking to find out how the PAN decrypts the SSH traffic and what is all involved in setting this up on the firewall. ... View more

App ID Classification

by in General Topics
‎01-24-2012 06:25 AM
‎01-24-2012 06:25 AM
I noticed that Sophos anti-virus is classifed under business-systems/management, while McAfee, Symantec, Panada are all classifed under business-systems/software-update. Seems to me Sophos is misclassified under the wrong sub-cateogry. ... View more

Pan OS 4.1.2

by in General Topics
‎01-18-2012 05:03 AM
‎01-18-2012 05:03 AM
I see they released version 4.1.2.  Will there be a release for PAN-200 or is the PAN-500 version the same for the PAN-200. ... View more

Re: Dynamic Updates

by in General Topics
‎01-18-2012 12:07 AM
‎01-18-2012 12:07 AM
looks like it has cleared up.  url filter version 3777 has been replaced and showing the current installed version 3778. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎08-18-2015 09:07 AM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks