Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Which Radius Authentication Method is Supported on Palo Alto Ne... - Knowledge Base - Palo Alto Networks

Which Radius Authentication Method is Supported on Palo Alto Networks Devices?

23091
Created On 09/25/18 19:20 PM - Last Modified 06/13/23 13:42 PM


Resolution


For PAN-OS 7.0, see the PAN-OS 7.0 Administrator's Guide for an explanation of how CHAP (which is tried first) and PAP (the fallback) are implemented: CHAP and PAP Authentication for RADIUS and TACACS+ Servers

 

For PAN-OS 6.1 and below, the only authentication method that Palo Alto Network supports is Password Authentication Protocol (PAP). The Radius server supports PAP, CHAP, or EAP. Ensure that PAP is selected while configuring the Radius server. If a different authentication is selected, then the error message in the authd.log will only indicate invalid username/password.

image015.png

Note: If the device is configured in FIPS mode, PAP authentication is disabled and CHAP is enforced.

 

owner: pvemuri



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVZCA0&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language