Users Locked Out of AD when Logging to GlobalProtect Configured with RADIUS Authentication Profile

Users Locked Out of AD when Logging to GlobalProtect Configured with RADIUS Authentication Profile

0
Created On 09/26/18 13:51 PM - Last Modified 07/19/22 23:10 PM


Resolution


Symptoms

When a user attempts to login via GlobalProtect, the active directory user gets instantly locked out even if the correct username and password was used.

The authentication profile is set for RADIUS, and the authd.log shows the following:

Authentication failed for user xxxx

Reason: Invalid username/password From: IP x.x.x.x

Issue

This behavior can occur when the shared secret configured in the authentication profile doesn't match the one configured on the RADIUS server itself.

Resolution

Make sure that the shared secret matches.

owner: jteetsel
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClvjCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail