RADIUS Authentication Failing

RADIUS Authentication Failing

17120
Created On 10/16/19 20:23 PM - Last Modified 04/27/20 19:15 PM


Symptom


  • Authentication failure when trying to login
  • Error message "No service source route is set" seen in authd.log
> tail follow yes mp-log authd.log 

Egress: No service source route is set, might use destination source route if configured
Authentication to RADIUS server at 10.10.10.100:1645 for user "user"

 

Environment


  • PA-VM-300
  • PAN-OS
  • RADIUS Authentication
  • Using Dataplane interface for management

Cause


  • By default RADIUS authentication uses the MGT interface

Resolution


  • Change the Service Route for RADIUS authentication from Default to the interface used for management.
  1. Device > Setup > Services tab
  2. Under Services Features select "Service Route Configuration"
  3. Click Customize
  4. Click RADIUS
  5. Select Source Interface used for Management (Source Address should auto-populate)
  6. Click OK twice.
  7. Commit

Additional Information


  • Creating a Service Route to use a dataplane interface
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN2SCAW&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail