PA LDAP AD AUTHENTICATION
- Mukesh Chanderia
- Jan 30, 2022
The default port for LDAP is 389; LDAPS uses port 636 and negotiates TLS/SSL as soon as the client connects.
Step 1: Create the LDAP server profile
Device --> Server Profiles --> LDAP

Step 2:
Go to Device --> User Identification --> Group Mapping Settings

Step 3:
Now go to the Group Include List; the AD tree must expand. If it doesn't, the profile is not configured correctly.

Step 4: Select the AD groups whose users must be authenticated.
Say we want only users from the User and Admin groups to be authenticated via AD.

Note: if you cannot expand the DC node, there is a connectivity problem with the AD server.
Step 5:
Go to Device --> Authentication Profile and create a new profile.

Step 6:
Device --> User Identification
Here are the default settings.

Click Edit.

Let's enable Server Log Monitor session & Client Probing (neither is enabled by default).



Step 7:
Now go to the zone in which you want users to be authenticated and enable User Identification.

You may need to enable the Source User column for Traffic Monitoring to show the user ID.

To see the details of a traffic entry, click the magnifier icon.
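As an added example (not from the original post), here is a small Python check for the LDAP-vs-LDAPS point made at the top of this walkthrough, run over a constructed PAN-OS configuration export: it flags server profiles that bind over plaintext 389, leave the AD certificate unverified, or have a port that disagrees with the SSL setting. The XML element names and the sample config are assumptions for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample config with two LDAP server profiles: a plaintext one on
# 389 ("before") and an LDAPS one on 636 with certificate verification ("after").
SAMPLE_CONFIG = """<config><shared><server-profile><ldap>
  <entry name="AD-plain">
    <server><entry name="dc1"><address>10.0.0.5</address><port>389</port></entry></server>
    <ldap-type>active-directory</ldap-type>
    <ssl>no</ssl>
    <verify-server-certificate>no</verify-server-certificate>
  </entry>
  <entry name="AD-ldaps">
    <server><entry name="dc1"><address>10.0.0.5</address><port>636</port></entry></server>
    <ldap-type>active-directory</ldap-type>
    <ssl>yes</ssl>
    <verify-server-certificate>yes</verify-server-certificate>
  </entry>
</ldap></server-profile></shared></config>"""


def audit_ldap_profiles(config_xml: str) -> dict:
    """Return {profile name: [findings]}; an empty list means the profile is clean.

    Element names (server-profile/ldap/entry, server/entry/port, ssl,
    verify-server-certificate) are assumed from PAN-OS XML config exports.
    """
    root = ET.fromstring(config_xml)
    findings = {}
    for prof in root.iterfind(".//server-profile/ldap/entry"):
        issues = []
        ssl_on = (prof.findtext("ssl") or "no").strip() == "yes"
        verify = (prof.findtext("verify-server-certificate") or "no").strip() == "yes"
        if not ssl_on:
            issues.append("TLS disabled: bind DN and password cross the wire in clear text")
        elif not verify:
            issues.append("TLS enabled but the AD server certificate is not verified")
        for srv in prof.iterfind("server/entry"):
            port = (srv.findtext("port") or "389").strip()
            # Port and TLS flag must agree: 389 is plain LDAP, 636 is LDAPS.
            if ssl_on and port == "389":
                issues.append(f"{srv.get('name')}: SSL on but port 389 (plain LDAP)")
            if not ssl_on and port == "636":
                issues.append(f"{srv.get('name')}: port 636 (LDAPS) but SSL off")
        findings[prof.get("name")] = issues
    return findings
```

Run it against `show config running` exported as XML to confirm the server profile from Step 1 is on 636 with verification enabled before committing.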
