8.1.2 platform LDAP user with a space in the username "john email@example.com" Auth profile with sAMAccountName working fine for "john smith" tested from cli GlobalProtect with single factor LDAP auth working fine externally for "john smith" Auth policy for MFA to duo push working fine for "test.user" but not for "john smith" Aliases tried but just doesnt work for Duo push when there is a space in the username. There's no failed auth attempt logged in Duo but you dont get that much logging information from Duo so short of a PCAP, not sure if the problem is Palo not sending the auth request or Duo not liking it. Anybody else got this working? I tried creating a local user on lab firewall but it doesnt allow a space in username. Traffic logs will look different since the auth fails somewhere but which log will show if the Palo sends the auth in the same way? Or is it a TLS decrypted PCAP of the API required?
... View more