Need help figuring out something

We are using this a 2FA for Global Protect (Palo Alto). When we log into
the portal, we use domain\username. However, if we try that for the
gateway if fails and will only work with just the username. As we are not
doing that, when it logs on it passes only the username, thus not assigning
any groups to the users (groups are base on domain\username).

I don’t see anywhere how I can get this to work

the user name that arrives is the username minus the domain. This is
because if I put the domain ( either as \ or @x.x.x ) it fails.On Tuesday, June 9, 2015 at 3:58:59 PM UTC-4, Tom Cole wrote:

We are using this a 2FA for Global Protect (Palo Alto). When we log into
the portal, we use domain\username. However, if we try that for the
gateway if fails and will only work with just the username. As we are not
doing that, when it logs on it passes only the username, thus not assigning
any groups to the users (groups are base on domain\username).

I don’t see anywhere how I can get this to work

I want to put in domain\username and have domain\username arrive back at
the VPN firewall.

We are using FreeRADIUS (privacyidea-radius).> Cornelius Kölbel mailto:cornelius.koelbel@netknights.it

June 9, 2015 at 17:25
OK, and you want to put in

domain\username and you want username to arrive?

Are you using FreeRADIUS in this case?

Kind regards
Cornelius

Tom Cole mailto:Tom_Cole
June 9, 2015 at 17:16
the user name that arrives is the username minus the domain. This is
because if I put the domain ( either as \ or @x.x.x ) it fails.

On Tuesday, June 9, 2015 at 3:58:59 PM UTC-4, Tom Cole wrote:

You received this message because you are subscribed to a topic in the
Google Groups “privacyidea” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/privacyidea/YAE2Qh_DSV4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/758fff05-64a0-411e-b05f-de505f97977a%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/758fff05-64a0-411e-b05f-de505f97977a%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Hello Tom,

I think I do not quite get you setup and problem.
(I am not sure what you mean when speaking of portal and gateway)

So I assume that at any point you will have a RADIUS request to
FreeRADIUS with the privacyIDEA plugin and/or an API Request to
privacyIDEA.

Are you running FreeRADIUS?
So can you tell, what username arrives at the FreeRADIUS and what
arrives at privacyIDEA?

If you are using FreeRADIUS, this is usually the good point the split a
“domain” from the username.

Kind regardss
CorneliusAm Dienstag, den 09.06.2015, 12:58 -0700 schrieb Tom Cole:

We are using this a 2FA for Global Protect (Palo Alto). When we log
into the portal, we use domain\username. However, if we try that for
the gateway if fails and will only work with just the username. As we
are not doing that, when it logs on it passes only the username, thus
not assigning any groups to the users (groups are base on domain
\username).

I don’t see anywhere how I can get this to work


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/e6bc6f9f-30b2-443a-8739-35bb126e532b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)

OK, and you want to put in

domain\username and you want username to arrive?

Are you using FreeRADIUS in this case?

Kind regards
CorneliusAm Dienstag, den 09.06.2015, 14:16 -0700 schrieb Tom Cole:

the user name that arrives is the username minus the domain. This is
because if I put the domain ( either as \ or @x.x.x ) it fails.

On Tuesday, June 9, 2015 at 3:58:59 PM UTC-4, Tom Cole wrote:
We are using this a 2FA for Global Protect (Palo Alto). When
we log into the portal, we use domain\username. However, if
we try that for the gateway if fails and will only work with
just the username. As we are not doing that, when it logs on
it passes only the username, thus not assigning any groups to
the users (groups are base on domain\username).

    I don't see anywhere how I can get this to work


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/758fff05-64a0-411e-b05f-de505f97977a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)