LocalDB User Can't Change Password

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Team Member
Did you find this article helpful? Yes No
No ratings

This article is based on the discussion " Unable to change password on LocalDB user, when added to AuthProfile" by @TorokAdam   and answered by @kiwi. Read on to see the discussion and solution!

 

Using PAN-OS 10.2.2 on a PA-440.

 

I have created a few LocalDB users and added them to a group. Then I've created an authentication profile and added this group to the allow list (also tried with "all"). Since these local users are also the FW-administrators, I've created the same users under Device/Administrators and linked the appropriate Authentication Profile to them.

 

After this, the administrators are unable to change their passwords on the Device/Local users page with the error message:

"Admin user "USERNAME" is defined with authentication profile, cannot set password".

 

The same error message pops up when I try to change the password in CLI. I am unable to change the Auth Profile to none on the Administrator page with the same error message.

 

Workaround is creating user, change pw and then add it to Auth Profile.

 

I have the same setup working on another PA-440 but with PanOS 10.1.x

Could you guys advise? I haven't found this on the support portal under 10.2.2 known issues.

 

This behavior isn't there on PAN-OS 10.1 but starts popping up on PAN-OS 10.2.x

 

kiwi_0-1660224954718.png

 

TAC recognized the behavior and a fix is coming in an upcoming release.

 

NOTE: At the moment of writing this, PAN-OS 10.2.3 is the recommended release for 10.2.x and it's still showing the same behavior.

 
Rate this article:
Register or Sign-in
Labels
Article Dashboard
Version history
Last update:
‎12-16-2022 06:09 AM
Updated by: