09-09-2015 10:36 AM
Does the user account used to log into the firewall need to be a domain admin account? I had this working fine until I removed domain admin rights from the service account used to log into the firewall.
09-09-2015 04:39 PM
I show in my latest TechNote how to utilize the PAN inbuilt domain RBAC to minimize the account privileges required to this account.
Can't understand why it would need domain admins rights, ubless you are have created some differing auth-profile/auth-sequence.... can U check your auth sequence stil lcheck the Local DB for your user?
Snr Tech Marketing Engineer - ClearPass
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
09-10-2015 06:32 AM
I have enabled RADIUS auth only into the FW's (admin mgmt into the fw's). In NPS (Server 2012), you can only add an AD group (as far as I understand). That group seems to only work if in domain admins.