Security

Hi,

I'm trying to link our CPPM 6.4 to our new Paloalto.

The issue is our wireless (eduroam) is authenticating with email addresses stored in AD/LDAP UPN field. For some students this is "acctname@uni.edu.au" and for staff it is "First.Last@uni.edu.au". Either way, this is completly different to what the PA is expecting. It wants acctname or DOMAIN\acctname. However our domain is "uni.ad.internal", or UNI\, so uni.edu.au\First.Last is no good.

I need to know if it is possible to manipulate the parameters in the API call to not use the UPN/authenticated full username, but instead use the short form of the user, and force the domain (UNI\) onto the strings. That is UNI\acctname

Are any of these usable:

Radius:IETF:User-Name

Authorization:(My LDAPS):ShortName

In this parameter?

https://{server_ip}/api/?type=user-id&action=set&key={key}&cmd={cmd}

Regards.

The parameters we show in the PANW context server screen cannot and should not be amended. I've been asking Engineering to remove this for a while now as it serves no purpose to you in the field and repeatably just like this posting leads to confusion.

I'll open a case and ask for assistance or if a custom engineering fix is available. I dont want to go via the syslog approach unless I have to.

Thanks