Troubleshooting User-ID: Group and User-to-IP Mapping
Group mapping and user-IP mapping are two primary functions of User-ID. Group mapping associates groups with their user members and user-IP (or IP-user) mapping associates IP addresses to users.
The attached document covers troubleshooting tips for common User-ID configuration issues around group mapping and user-IP mapping. The document covers issues such as:
- Group mapping not pulled from AD/LDAP
- No user-to-IP mappings present from User-ID agent
- No user-to-IP mappings present from captive portal
- IP mappings are created but disappear too soon
- Incorrect IP mapping for some users with User-ID agent or agentless User-ID
- Unknown or no users in traffic logs
- Increased traffic chatter/congestion
A section at the end of the document describes some commonly used CLI commands for User-ID.
Also, links to useful articles in the Palo Alto Networks Support Knowledge Base are provided throughout the document.
owner: sjamaluddin, jteetsel