CLI Cheat Sheet: User-ID
Use the following commands to perform common User-ID configuration and monitoring tasks.
To see more comprehensive logging information, enable debug mode on the agent using the debug user-id log-ip-user-mapping yes command. When you are done troubleshooting, disable debug mode using debug user-id log-ip-user-mapping no.
View all User-ID agents configured to send user mappings to the Palo Alto Networks device:
  To see all configured Windows-based agents:
    > show user user-id-agent state all
  To see if the PAN-OS-integrated agent is configured:
    > show user server-monitor state all
View the configuration of a User-ID agent from the Palo Alto Networks device:
    > show user user-id-agent config name <agent-name>
View group mapping information:
    > show user group-mapping statistics
    > show user group-mapping state all
    > show user group list
    > show user group name <group-name>
View all user mappings on the Palo Alto Networks device:
    > show user ip-user-mapping all
  Show user mappings filtered by a username string (if the string includes the domain name, use two backslashes before the username):
    > show user ip-user-mapping all | match <domain>\\<username-string>
  Show user mappings for a specific IP address:
    > show user ip-user-mapping ip <ip-address>
  Show usernames:
    > show user user-ids
View the most recent addresses learned from a particular User-ID agent:
    > show log userid datasourcename equal <agent-name> direction equal backward
View mappings from a particular type of authentication service:
    > show log userid datasourcetype equal <authentication-service>
  where <authentication-service> can be authenticate, client-cert, directory-server, exchange-server, globalprotect, kerberos, netbios-probing, ntlm, unknown, vpn-client, or wmi-probing.
  For example, to view all user mappings from the Kerberos server, you would enter the following command:
    > show log userid datasourcetype equal kerberos
View mappings learned using a particular type of user mapping:
    > show log userid datasource equal <datasource>
  where <datasource> can be agent, captive-portal, event-log, ha, probing, server-session-monitor, ts-agent, unknown, vpn-client, or xml-api.
  For example, to view all user mappings from the XML API, you would enter the following command:
    > show log userid datasource equal xml-api
Find a user mapping based on an email address:
    > show user email-lookup
    + base              Default base distinguished name (DN) to use for searches
    + bind-dn           bind distinguished name
    + bind-password     bind password
    + domain            Domain name to be used for username
    + group-object      group object class(comma-separated)
    + name-attribute    name attribute
    + proxy-agent       agent ip or host name.
    + proxy-agent-port  user-id agent listening port, default is 5007
    + use-ssl           use-ssl
    * email             email address
    > mail-attribute    mail attribute
    > server            ldap server ip or host name.
    > server-port       ldap server listening port
  For example:
    > show user email-lookup base "DC=lab,DC=sg,DC=acme,DC=local" bind-dn "CN=Administrator,CN=Users,DC=lab,DC=sg,DC=acme,DC=local" bind-password acme use-ssl no email user1@lab.sg.acme.local mail-attribute mail server 10.1.1.1 server-port 389
    labsg\user1
Clear the User-ID cache:
    > clear user-cache all
  Clear a User-ID mapping for a specific IP address:
    > clear user-cache ip <ip-address/netmask>
