Authentication failing when the Palo Alto Networks firewall is sending the usernames along with the domain name to RADIUS server, while the server expects the firewall to send only usernames.
Cause
By default, the firewall appends the domain name to the username in the authentication response if the domain is specified in the server profile.
Resolution
To disable sending the domain name in the authentication response, run the following operational command on the