Kerberos Authentication Errors

Kerberos Authentication Errors

30100
Created On 09/26/18 13:51 PM - Last Modified 06/08/23 08:25 AM


Resolution


Issue

When attempting to log in to the firewall using a Kerberos user, an error message similar to the following is displayed:

User 'domain\username' failed authentication. Reason: Invalid username/password From: 192.0.2.33.

 

Resolution

  1. If the Kerberos server is a hostname or fully qualified domain name, ensure the firewall has access to a DNS server which can resolve that name.
  2. If the Kerberos server is an IP address, ensure connectivity can be established between the firewall and the Kerberos server.
  3. If the time on the Kerberos server is not in synch with the Palo Alto Networks device, then synch the time.

 

The main log that can be used to look for password errors:
>tail mp-log authd.log

 

owner: gwesson
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClugCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language