Need help figuring out something.
61 views
Skip to first unread message
Tom Cole
Jun 9, 2015, 3:58:59 PM6/9/15
to priva...@googlegroups.com
We are using this a 2FA for Global Protect (Palo Alto). When we log into the portal, we use domain\username. However, if we try that for the gateway if fails and will only work with just the username. As we are not doing that, when it logs on it passes only the username, thus not assigning any groups to the users (groups are base on domain\username).
I don't see anywhere how I can get this to work
I don't see anywhere how I can get this to work
Cornelius Kölbel
Jun 9, 2015, 4:09:28 PM6/9/15
to priva...@googlegroups.com
Hello Tom,
I think I do not quite get you setup and problem.
(I am not sure what you mean when speaking of portal and gateway)
So I assume that at any point you will have a RADIUS request to
FreeRADIUS with the privacyIDEA plugin and/or an API Request to
privacyIDEA.
Are you running FreeRADIUS?
So can you tell, what username arrives at the FreeRADIUS and what
arrives at privacyIDEA?
If you are using FreeRADIUS, this is usually the good point the split a
"domain\" from the username.
Kind regardss
Cornelius
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/e6bc6f9f-30b2-443a-8739-35bb126e532b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
I think I do not quite get you setup and problem.
(I am not sure what you mean when speaking of portal and gateway)
So I assume that at any point you will have a RADIUS request to
FreeRADIUS with the privacyIDEA plugin and/or an API Request to
privacyIDEA.
Are you running FreeRADIUS?
So can you tell, what username arrives at the FreeRADIUS and what
arrives at privacyIDEA?
If you are using FreeRADIUS, this is usually the good point the split a
"domain\" from the username.
Kind regardss
Cornelius
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/e6bc6f9f-30b2-443a-8739-35bb126e532b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Tom Cole
Jun 9, 2015, 5:16:45 PM6/9/15
to priva...@googlegroups.com
the user name that arrives is the username minus the domain. This is because if I put the domain ( either as \ or @x.x.x ) it fails.
Cornelius Kölbel
Jun 9, 2015, 5:26:02 PM6/9/15
to priva...@googlegroups.com
OK, and you want to put in
domain\username and you want username to arrive?
Are you using FreeRADIUS in this case?
Kind regards
Cornelius
domain\username and you want username to arrive?
Are you using FreeRADIUS in this case?
Kind regards
Cornelius
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/758fff05-64a0-411e-b05f-de505f97977a%40googlegroups.com.
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
Tom Cole
Jun 9, 2015, 7:34:01 PM6/9/15
to Cornelius Kölbel, priva...@googlegroups.com
I want to put in
domain\username and have domain\username arrive back at the VPN
firewall.
We are using FreeRADIUS (privacyidea-radius).
We are using FreeRADIUS (privacyidea-radius).
June 9, 2015 at 17:25
OK, and you want to put in
domain\username and you want username to arrive?
Are you using FreeRADIUS in this case?
Kind regards
Cornelius
June 9, 2015 at 17:16
the user name that arrives is the username minus the domain. This is because if I put the domain ( either as \ or @x.x.x ) it fails.--
On Tuesday, June 9, 2015 at 3:58:59 PM UTC-4, Tom Cole wrote:
You received this message because you are subscribed to a topic in the Google Groups "privacyidea" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/privacyidea/YAE2Qh_DSV4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to privacyidea...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages