One solution may be to change the Context Server Action used for your Palo Alto update. What is sent, is defined in those context server actions:
You may change %{user} to some attribute that has the username in a format that you want to be sent (possibly the IETF:User-Name), or if all are in the same domain, you could change it to DOMAIN\${user}.
The %{user} field has some smartness in it, which may be working against you now.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Oct 23, 2022 10:28 PM
From: Ronald Wan
Subject: ClearPass - Sending user mapping with domain prefix to Palo Alto
Hi everyone,
I am setting up the Endpoint Context Server to send user-id and IP mapping to Palo Alto.
The key requirement is to have the user name with the Netbios domain suffix.
I have specified the username transformation with "Prefix NetBIOS name".
However, PA is still receiving the <user-id> only, in lieu of the desirable <domain>\<user-id>, like mydomain\user1
Did I did not doing it properly, or somewhere I have to specify the domain name ?
I supposed Clearpass will use the joined domain - domain name in the server manger/system without specify it.
Thanks in advance for any suggestion.
Many thanks