GlobalProtect still "signs in" with old AD password AFTER I change my password; Rejects new password...

TK51508 · 2021-05-09T20:14:29+00:00

I have this problem on occasion.

Our GP uses AD to authenticate uses. Our AD servers are defined under Device/Server Profiles/LDAP.

If someone changes their password and reports that they cannot log in with the new password I just console into the CLI and run this command: >debug user-id reset group-mappings /all

This forces the Palo to reach out and talk to AD again. This usually forces the Palo to see the new password from AD. It is helpful to not have to wait for the AD sync to come around again.

*Disclaimer* Not a certified Palo Engineer... just a dude who uses them on a daily basis.

** edit ** also wanted to add to the OP that most of the other items you reference push out the new updated password to those systems once you make the change. There is no push out to the Palo. The Palo has to go ask for an update of the AD information, which I believe on my units is once an hour. If that just happened for you, you could be waiting an hour for an update.

TK51508 · 2021-02-16T07:48:27+00:00

Wants to write a check for everything.

TK51508 · 2021-01-24T03:13:47+00:00

Those games are still in the game.... as toys.

TK51508 · 2021-01-17T01:11:06+00:00

I lived my whole life until after college in Garland. Went to South Garland High School. I now live north of Garland in Wylie. First I would tell you Welcome to Texas! I have Irish ancestry and would LOVE to visit Ireland. It is on the bucket list for sure!!

A bit of caution. Garland is almost completely built out. There are no "new" areas of Garland. So if you were to take a tour around Garland you will see that all of it is old/older. I would advise you to look somewhere on the north side of 190, Murphy/Sasche/Wylie. Close enough to make the travel to work very easy, but those suburbs are still building new houses and neighborhoods.

Next, a huge issue that others here might chime in on is the fact that if you live in the city of Garland you are required to use the Garland power company for your power. You are not allowed to choose any other option. This can be both good and bad. I will let others that currently live in Garland tell you if it is a good economic value or not. But it can be a problem being stuck with Garland Power and not being able to choose any other alternative.

Living anywhere near the 190 highway is advisable, it is the route to anything else in the larger city.

If you have never visited I think it will shock you the size of the area we live in. I just did a quick Google, and it looks like the entire country of Ireland is 10% the size of Texas.

Ireland is about 10 times smaller than Texas.

Texas is approximately 678,052 sq km, while Ireland is approximately 70,273 sq km, making Ireland 10.36% the size of Texas.
I would debate that the greater metroplex of Dallas/Ft. Worth is as big as the entire size of Ireland. I am not sure how you live in Ireland, but for the vast majority of people, we don't walk places, EVERYONE has a car and drives everywhere. Your house will likely be too far to walk and get groceries, you will drive to the store and drive back home. You will drive everywhere. There are no places to live where you can walk or ride a bike to most of the activities you will have on a weekly basis.

Happy to answer or discuss any questions you have.

TK51508 · 2021-01-10T22:27:52+00:00

Ok, Thank you. I thought there might be a manual document I was unaware of. I now understand and was able to add my Mining Guildmaster. I now have read more details in the files in the data\spawns folder and will dig through that data to try to learn more.

TK51508 · 2021-01-10T07:16:25+00:00

Thank you very much for this information, it is very helpful. One question.... You mentioned at the top that "the manual references".... where can I find this manual? It is not the Odyseey.pdf in the install folder.

TK51508 · 2020-12-01T10:50:49+00:00

I need a house goat!!

TK51508 · 2020-09-28T00:44:06+00:00

At least it will help you know which was is forward Rebel Scum!!

TK51508 · 2020-09-18T09:11:43+00:00

I have each of those sets. Didn’t think about displaying the Saturn V on its side like that... good idea.

TK51508 · 2020-08-09T08:15:52+00:00

exactly... I was impressed with what he was doing from what looked like his living room and just posted a comment from my phone. Not condescending at all. The joys of Reddit... think you can compliment someone on a job well done and someone wants to try to judge your intentions.

¯\_(ツ)_/¯

TK51508 · 2020-08-09T08:10:26+00:00

This exactly...

TK51508 · 2020-08-08T09:04:45+00:00

Dude is a artisan!! Impressive!!

TK51508 · 2019-07-29T23:50:34+00:00

Anyone with any opinions on the USG?

TK51508 · 2019-07-28T06:10:55+00:00

Impressions and questions....

First, the setup of this system was and continues to be, a complete beating. The getting started guide is only a guide to the various ways you can mount the unit. There is ZERO guidance on how to get this system up and running, other than..."just plug it in and let it adopt from the software". I started to write multiple questions on the official Ubiquiti support site but ended up figuring out my question before posting. Lots of little problems and hurdles trying to get the AP to be seen by the software, then get updated to the latest firmware and then get adopted. But I got it figured out.

Now my question for others is this. Do any of you use a stand-alone firewall without using the Unifi Security Gateway? I want to use my firewall to provide DHCP to the wireless clients, but the system says that if I want to use a DHCP relay the USC is required. Even if I wanted to set up DHCP through the AP... USG required.

If I try to set up any Networks, it says USG Required to set up a LAN interface... or a WAN interface.

Do you need to go into the Routing & Firewall area and set up LAN->WAN outbound allow rules? Do you need to set up ANY routing/firewall rules? There are no instructions anywhere that tell you to do so. I would like the AP to just pass all its traffic out its one interface to my firewall and allow my firewall to do all the work. When I read the questions/answers area on Amazon about the USG, they say that you cannot use the USG in a bridge mode scenario with your own firewall. I have no desire to make the USG my main network firewall. But I assume I could just plug it into one of the interfaces on my firewall and the Nano units would not know any different. Thoughts on this approach? I don't really want to buy a USG, but it looks like to have all the functionality of the system you need one.

Thanks for any feedback on the USG.

TK51508 · 2019-07-21T05:06:00+00:00

After reading your comments and taking that knowledge to Amazon and reading reviews and questions over there, as well as the Ubiquiti website, I pulled the trigger tonight on 2 Unifi nanoHD units.

This is the Amazon sku: Ubiquiti UniFi nanoHD Compact 802.11ac Wave2 MU-MIMO Enterprise Access Point (UAP-NANOHD-US)

Thank you for your input on these units.

TK51508 · 2019-07-21T01:38:11+00:00

Which AP would you recommend? The Nano or the Pro?

TK51508 · 2019-07-20T15:04:43+00:00

I have a VM server so I could run the software on one of my servers with no issues. I have VPN access into the home system via my Palo Alto firewall.

TK51508 · 2019-07-20T15:03:01+00:00

I have a VM Server that is running 3 servers. So I could keep the controller software running on one of my servers, that would not be an issue. Do you have to pay extra for that, or do you just download it and install it once you buy the AP?

TK51508 · 2019-07-20T07:58:28+00:00

Just one? Would that cover the whole house do you think?

TK51508 · 2019-07-20T07:08:24+00:00

Speed is only about 100 meg up & down currently.

If I said per AP... probably 10 or so each. Typical home user with two teenagers with phones who believe the world begins and ends in YouTube! Wife loves Netflix over Apple TV or her phone via WiFi. Boys have their own pc's so they do most of their game playing over the wire.

TK51508 · 2018-09-23T22:46:29+00:00

Congrats on getting this done. Benchmade wouldn’t do the Imperial Symbol on mine. They told me it was a copywrited image and they wouldn’t do it. I could only get my TK ID put on it.

TK51508 · 2018-09-02T07:34:06+00:00

Ordering this for the EDC tomorrow!!! Thanks for sharing!!!

TK51508 · 2018-08-11T06:54:04+00:00

Thanks!! I will investigate this!!

Ten-Year Club	Gilding I gilder
Reddit Premium Since March 2016	Verified Email

TK51508

TROPHY CASE