article LocalDB User Can't Change Password in General Articles

article LocalDB User Can't Change Password in General Articles https://live.paloaltonetworks.com/t5/general-articles/localdb-user-can-t-change-password/ta-p/523788 <P>This article is based on the discussion "<A href="https://live.paloaltonetworks.com/t5/general-topics/unable-to-change-password-on-localdb-user-when-added-to/m-p/511451" target="_blank" rel="noopener"> Unable to change password on LocalDB user, when added to AuthProfile</A>" by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/146258">@TorokAdam</a>   and answered by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>. Read on to see the discussion and solution!</P> <P> </P> <DIV class="lia-message-template-content-zone"> <BLOCKQUOTE> <P>Using PAN-OS 10.2.2 on a PA-440.</P> <P> </P> <P>I have created a few LocalDB users and added them to a group. Then I've created an authentication profile and added this group to the allow list (also tried with "all"). Since these local users are also the FW-administrators, I've created the same users under Device/Administrators and linked the appropriate Authentication Profile to them.</P> <P> </P> <P>After this, the administrators are unable to change their passwords on the Device/Local users page with the error message:</P> <P><STRONG>"Admin user &quot;USERNAME&quot; is defined with authentication profile, cannot set password".</STRONG></P> <P> </P> <P>The same error message pops up when I try to change the password in CLI. I am unable to change the Auth Profile to none on the Administrator page with the same error message.</P> <P> </P> <P>Workaround is creating user, change pw and then add it to Auth Profile.</P> <P> </P> <P>I have the same setup working on another PA-440 but with PanOS 10.1.x</P> <P>Could you guys advise? I haven't found this on the support portal under 10.2.2 known issues.</P> </BLOCKQUOTE> <P> </P> <P>This behavior isn't there on PAN-OS 10.1 but starts popping up on PAN-OS 10.2.x</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_0-1660224954718.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/43109iC5F6FF2AF32A2819/image-size/large?v=v2&px=999" role="button" title="kiwi_0-1660224954718.png" alt="kiwi_0-1660224954718.png" /></span></P> <P> </P> <P>TAC recognized the behavior and a fix is coming in an upcoming release.</P> <P> </P> <P><MARK>NOTE: At the moment of writing this, PAN-OS 10.2.3 is the recommended release for 10.2.x and it's still showing the same behavior.</MARK></P> </DIV> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4"> </DIV> Fri, 16 Dec 2022 14:09:20 GMT kiwi 2022-12-16T14:09:20Z LocalDB User Can't Change Password https://live.paloaltonetworks.com/t5/general-articles/localdb-user-can-t-change-password/ta-p/523788 <P> </P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4"> </DIV> Fri, 16 Dec 2022 14:09:20 GMT https://live.paloaltonetworks.com/t5/general-articles/localdb-user-can-t-change-password/ta-p/523788 kiwi 2022-12-16T14:09:20Z