How to Configure Basic RADIUS Authentication

How to Configure Basic RADIUS Authentication

17645
Created On 01/16/20 04:15 AM - Last Modified 01/17/20 00:41 AM


Objective


This document describes how to configure RADIUS authentication profile using PAP or CHAP.

Environment


  • PAN-OS 8.0 and above.
  • Palo Alto Firewall.

Procedure


  1. Ensure the management IP of the Firewall is configured on the RADIUS server as a client.
  2. Add the above radius server on Firewall using GUI:  Device > Server Profiles > RADIUS. Configure the name, IP address secret and port used. Note that the authentication profile used is PAP or CHAP.
radius server profile
 
  1. Next, configure the authentication profile to use this server using GUI: Device > Authentication Profile > Add. Select the "Type" as Radius and in the "Server Profile" section select the RADIUS server profile created in step 1 above. Username modifier info below.
  • If the source sends the user information in domain\username format, the firewall sends the user information to the server in the same format.
  • If the source sends the user information in username@domain format, the firewall normalizes the user information to the domain\username format before sending it to the server.
  • If the source sends only the username, the firewall adds the User Domain you specify before sending the information to the server in domain\username format.
Authentication Profile
  1. Click on the "Advanced" tab and select the users to be added to the allowed list. The "Factors" tab is untouched and is used in the case of Multi- Factor Authentication.
Advanced Section
  1. Click on OK and Commit the configuration.
The configured radius authentication profile can now be used for device administrators, remote VPN or captive portal. 


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POFXCA4&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail