When you upgrade to Paloalto OS on PANOS 7, You Couldn’t login by LDAP.
And meet next error.
“Invalid username/password auth profile”
“User is not in allowlist auth profile”
Then you need to check point below list.
- Check to LDAP Server Profile Setting in Device -> Server Profiles -> LDAP
- If you information not wrong for LDAP server Profile in Device -> User Identifacation -> Group Mapping Settings, you can see Group Include List, Also check setting like below
Server profile in Group Mapping
Group Include List in Group Mapping
- Check on Authentication Profile in Device -> Authentication Profile.
- Very Important to set “all” in Advanced.
- Allow list don’t worry about all access. First login check is Administrators list in Device -> Administrators.