Invalid Username/Password

Issue

Administrators using an Authentication Profile are unable to log in. In the authd.log, the following error is seen:

User 'administrator' failed authentication.  Reason: Invalid username/password From: 172.16.0.10

Resolution

Authentication Profiles containing spaces in the name will not authenticate users. Replacing the space in the Authentication Profile name with another character, or removing the space will resolve the issue.

Example of non-working config:

      pantac admins { 
        lockout {
          failed-attempts 5;
          lockout-time 45;
        }
        allow-list [ administrator ];
        method {
          ldap {
            server-profile pantac domain;
            login-attribute sAMAccountName;
            passwd-exp-days 7;

Example of working config:

      pantac_admins {
        lockout {
          failed-attempts 5;
          lockout-time 45;
        }
        allow-list [ administrator ];
        method {
          ldap {
            server-profile pantac domain;
            login-attribute sAMAccountName;
            passwd-exp-days 7;

This issue has been observed where LDAP authentication is used as well as with GlobalProtect. The ability to use spaces in Auth Profile names may be added in a future release.

owner: dlorenzen