This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About mpaskevic
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About mpaskevic
08-18-2015
2Posts
0Likes
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by mpaskevic
| Subject | Views | Posted |
|---|---|---|
| 1858 | 02-22-2012 04:06 AM | |
| 3366 | 02-21-2012 09:25 AM |
User Badges
Community Statistics
| Member Since | 11-13-2011 11:01 PM |
| Date Last Visited | 08-18-2015 09:07 AM |
| Posts | 2 |
02-22-2012
04:06 AM
4.1.3 version fixes this issue: "35907 - When a user account in Active Directory has a different value for the userPrincipleName (UPN) name and the sAMAccountName, group mapping is not working correctly because the user to IP mapping process uses the sAMAccountName and user to group mapping process uses the UPN name. Update made so both processes use the sAMAccountName."
... View more
02-21-2012
09:25 AM
Using PanOS 4.1.2 on 5020 listing group mapping: show user group name "<DOMAIN>\<GROUP NAME>" we get something like this [1 ] <DOMAIN>\<name>.<surname> .... though in "user id identification->group mapping settings" under "user objects" we discretely choose "Object Class: person" "User Name: sAMAccountName" and browsing ldap shows that sAMAccountName holds no such information. this missmatches the info which is collected by user-id agent and prevents us using user identification. furthermore if we delete "Domain" parameter in LDAP configuration (which is`t a production environment option, just for debug puposes, because we are in multi domain environment) listing users as mentioned above - we get same info as in "userPrincipalName" attribute: show user group name "<DOMAIN>\<GROUP NAME>" [1 ] <userPrincipalName value> .... Is this hardcoded(user name attribute - userPrincipalName) bug? Or we can do something about it? Install previous version of panos/something using cli? Any help, insights into this problem - appreciated.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:07 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks