Which Radius Authentication Method is Supported on Palo Alto Networks Devices?

Created On 09/25/18 19:20 PM - Last Modified 06/13/23 13:42 PM


Resolution


For PAN-OS 7.0, see the PAN-OS 7.0 Administrator's Guide for an explanation of how CHAP (which is tried first) and PAP (the fallback) are implemented: CHAP and PAP Authentication for RADIUS and TACACS+ Servers

 

For PAN-OS 6.1 and below, the only authentication method that Palo Alto Networks supports is Password Authentication Protocol (PAP). The RADIUS server supports PAP, CHAP, or EAP. Ensure that PAP is selected when configuring the RADIUS server. If a different authentication method is selected, the error message in authd.log will only indicate an invalid username/password.


Note: If the device is configured in FIPS mode, PAP authentication is disabled and CHAP is enforced.
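Because a method mismatch appears in authd.log only as an invalid username/password, a packet capture of the Access-Request is a direct way to confirm which method the firewall sent. The following is an added example, not from Palo Alto Networks documentation, that classifies a RADIUS Access-Request by its attributes as defined in RFC 2865 and RFC 3579; the function names and the sample packets are constructed for illustration.

```python
import struct

# RADIUS attribute types (RFC 2865, RFC 3579)
USER_NAME, USER_PASSWORD, CHAP_PASSWORD, CHAP_CHALLENGE, EAP_MESSAGE = 1, 2, 3, 60, 79
ACCESS_REQUEST = 1


def parse_attributes(packet: bytes) -> dict:
    """Return {attr_type: [values]} from a RADIUS packet, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        # Each attribute is type(1) | length(1) | value; length covers all three.
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def auth_method(packet: bytes) -> str:
    """Name the authentication method an Access-Request carries."""
    if packet[:1] != bytes([ACCESS_REQUEST]):
        return "not an Access-Request"
    attrs = parse_attributes(packet)
    for a_type, name in ((EAP_MESSAGE, "EAP"), (CHAP_PASSWORD, "CHAP"), (USER_PASSWORD, "PAP")):
        if a_type in attrs:
            return name
    return "unknown"


def build_request(attrs) -> bytes:
    """Build a constructed Access-Request for the demo (authenticator zeroed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body)) + bytes(16) + body


# Constructed samples: attribute values are placeholders, not real credentials.
PAP_REQ = build_request([(USER_NAME, b"admin"), (USER_PASSWORD, bytes(16))])
CHAP_REQ = build_request([(USER_NAME, b"admin"), (CHAP_PASSWORD, bytes(17)),
                          (CHAP_CHALLENGE, bytes(16))])
print(auth_method(PAP_REQ), auth_method(CHAP_REQ))
```

If the captured request reports CHAP while the RADIUS server policy accepts only PAP (or the reverse), the rejection is a method mismatch rather than a wrong password.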

 

owner: pvemuri


