Hello I have a little problem with my PA-5020. After upgrading OS to a 5.0 version my user authentication to log on as an administrator from ldap and kerberos doesn`t work. I had user mapped to an allowed list by AD group: cn=administratorzy paloalto,ou=urzĄdzenia,ou=grupy zasobÓw,dc=my,dc=domain,dc=name, it was working fine with os 4.X but after updating to a 5.0 i got errors: User 'my.domain.name\myuser' failed authentication. Reason: User is not in allowlist From: x.x.x.x After adding user directly ("my.domain.name\myuser") to allow list it works perfectly. At first i thought it was problem with my OU names containing ó,ą which are polish letters, but i moved that group to a different OU without theme and it still doesn`t work. It looks like PA doesn`t see members of my groups. Weird thing is that I also have policy based on user belonging to a different groups and that mapping works fine.
... View more