This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Add Device Authentication Failure

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Add Device Authentication Failure

UNMPDgordon
L1 Bithead

‎11-29-2022 02:36 PM

More of an advice posting than a request for assistance.

 

Do not make your PA firewall admin password really crazy long and complex (like I did ~ at 19 characters long).

If you do, you might get tripped up by Expedition when you try and add a device and the user API keys.

 

Background:

New PA-440 Firewall (FW)

Stood up Expedition VM on Monday the 21st.

 

I kept getting "Invalid Credential" in Expedition when trying to add the API key for admin with my crazy long complex pwd.

I was able to SSH from the Ubuntu Server to the FW using admin with its 19-character long password so was greatly puzzled why Expedition was bombing out. Even opened a case on PA support. Lots of inconclusive results found.

 

After a zoom session a short time ago with my local PA VAR and a SE with PA, I found a clue to a possible solution in the /home/userSpace/devices/debug.txt file: only part of that long booger of a pwd was being transmitted to the FW so of course(!) authentication is going to fail! As an aside, I find it curious that the pwd used is in clear text in the debug.txt file!

 

After changing my FW admin pwd to something that _just_ meets the security requirements (8 long, one cap, 5 lower and 2 bangs), committing, signing out of everything, signing back into Expedition, adding my device and using the shorter admin pwd, the add succeeded and the 3 keys were populated!

5 REPLIES 5

M.Anderson
L2 Linker

‎01-20-2023 01:44 PM

I'm running into the same issue.  PWD = 9 characters, upper case, lower case, number, special character #

Any recommendations?

0 Likes Likes

lychiang
L6 Presenter
In response to M.Anderson

‎01-20-2023 02:32 PM

@M.Anderson Try to remove the special character and try again, if it's still not working, you can try create a new user account on the firewall and assign the API read permission. 

M.Anderson
L2 Linker

‎01-24-2023 09:20 AM

I did both.  Added a new user account with API read permissions, as well as removing the special character.  Thank you sir!

 

0 Likes Likes

AnthonyPacheco
L0 Member

‎01-16-2024 07:35 AM

any resolution to this? I've tried username/password, api login, removal of special characters, etc 

0 Likes Likes

dpuigdomenec
L4 Transporter
In response to AnthonyPacheco

‎01-16-2024 09:05 AM

Hi @AnthonyPacheco 

 

Try to execute the external command and later in Expedition create the device and add directly the created API_KEY

 

curl -H "Content-Type: application/x-www-form-urlencoded" -X POST https://firewall/api/?type=keygen -d 'user=<user>&password=<password>'

Reference article: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/get-your...

 

Hope this helps,

 

David

 

0 Likes Likes
  • 2292 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks