I have a stand-alone system which is utilizing two Palo Alto 220 Firewalls. As part of this system, I have RADIUS policies configured on a Windows server to provide domain-admin access to the device. On one PA220 I am able to log in with my domain credentials and access the device without issue. On the other PA220 I am able to log in with domain credentials as well. However, once logged in, I am brought to a page that prompts me to change my password. It has a field for Old Password, New Password and New Password verification. I am not able to navigate beyond this prompt. If I try to submit the form without inputting any values, it errors saying "password required." If I submit the form with appropriate values (old password and a new password), it errors saying "Cannot change password for remote users."
What could be causing this to occur? I know my RADIUS is working as it should and the two PA220s are configured identically despite one functioning and the other not.
I still have a local admin account on the device, so I am able to make changes; I just don't know what needs to be changed (local admin account is not being prompted to change password).
Things I have tried:
Compared the "working" PA220 to the "non-working" PA220
Looked through device settings for misconfigurations
Ensured "change password at first login" has been disabled
Deleted authentication profiles and re-added them
Deleted users and re-added them
Any advice/suggestion would be greatly appreciated!
Can you export the configuration on the "bad" one and import it onto the "good" firewall?
Use the Config Audit functionality to definitely compare side by side (vs. eyeballing it).
Just an idea besides prayer.