User-id showing incorrect domain in normalization (domain.com\username instead of domain\username)

Created On 03/28/19 23:15 PM - Last Modified 06/15/20 21:23 PM


Symptom


User-ID agent 8.1.3 sends incorrect domain information. The firewall and the User-ID agent show the user mapping as domain.com\username instead of domain\username.

Environment


  • PAN-OS 8.1.4 and above.
  • Palo Alto Firewall.
  • User-ID agent 8.1.3-10 or below.


Cause


 
  • The User-ID agent fails to normalize the username correctly and binds the full FQDN instead of the NetBIOS name for the domain.
  • The User-ID agent displays the user-ip-mapping in domain.com\username format and sends that information to the firewall.
  • The firewall cannot map the user correctly because the domain is incorrect.
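
To find which mappings are affected, the check below classifies each mapped username by form and flags the ones whose domain part is an FQDN. It is an added example, not Palo Alto Networks code; the sample table is constructed, and the column layout (username in the fourth column) and the rule that a NetBIOS domain name contains no dot are assumptions.

```python
import re
from collections import Counter

# Constructed sample laid out like a user-to-IP mapping table
# (IP, vsys, source, user, idle timeout, max timeout). Not real data.
SAMPLE = """\
10.1.1.10   vsys1  UIA  corp\\alice              2700  2700
10.1.1.11   vsys1  UIA  corp.example.com\\bob    2700  2700
10.1.1.12   vsys1  UIA  carol@corp.example.com  2700  2700
10.1.1.13   vsys1  UIA  dave                    2700  2700
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def classify_user(user):
    """Return the form of a mapped username."""
    if "\\" in user:
        domain, _, name = user.partition("\\")
        if not domain or not name:
            return "malformed"
        # Assumption: a NetBIOS domain name has no dot, so a dot in the
        # domain part means the FQDN was bound instead (the defect above).
        return "fqdn_domain" if "." in domain else "netbios"
    if "@" in user:
        return "upn"  # user@domain.com, not normalized at all
    return "no_domain"


def audit_mappings(text):
    """Parse mapping rows into (ip, user, form); skip headers and blanks."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not IP_RE.match(fields[0]):
            continue
        # Assumption: the username is the fourth whitespace-separated column.
        findings.append((fields[0], fields[3], classify_user(fields[3])))
    return findings


def affected(findings):
    """Mappings the firewall will fail to match: domain.com\\username form."""
    return [(ip, user) for ip, user, form in findings if form == "fqdn_domain"]


if __name__ == "__main__":
    results = audit_mappings(SAMPLE)
    print(dict(Counter(form for _, _, form in results)))
    for ip, user in affected(results):
        print(f"{ip}  {user}  domain part is an FQDN, expected NetBIOS name")
```

Running the same check after the agent upgrade should return no `fqdn_domain` entries once the old mappings have aged out.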


Resolution


Upgrade the User-ID agent to 8.1.4 or higher. This resolves defect WINAGENT-432.

The release notes entry for this defect:
WINAGENT-432: Fixed an issue where the User-ID agent failed to normalize usernames correctly before sending to firewalls when the usernames were in User Principal Name (UPN) format, which prevented PAN-OS 8.0 and earlier firewalls from enforcing policy as expected for those usernames.

