Palo Alto Networks Knowledgebase: Users Locked Out of AD when Logging to GlobalProtect Configured with RADIUS Authentication Profile

Users Locked Out of AD when Logging to GlobalProtect Configured with RADIUS Authentication Profile

2804
Created On 02/07/19 23:41 PM - Last Updated 02/07/19 23:41 PM
Resolution

Symptoms

When a user attempts to login via GlobalProtect, the active directory user gets instantly locked out even if the correct username and password was used.

The authentication profile is set for RADIUS, and the authd.log shows the following:

Authentication failed for user xxxx

Reason: Invalid username/password From: IP x.x.x.x

Issue

This behavior can occur when the shared secret configured in the authentication profile doesn't match the one configured on the RADIUS server itself.

Resolution

Make sure that the shared secret matches.

owner: jteetsel



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClvjCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language