LocalDB User Can't Change Password

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Community Team Member
No ratings

This article is based on the discussion " Unable to change password on LocalDB user, when added to AuthProfile" by @TorokAdam   and answered by @kiwi. Read on to see the discussion and solution!


Using PAN-OS 10.2.2 on a PA-440.


I have created a few LocalDB users and added them to a group. Then I've created an authentication profile and added this group to the allow list (also tried with "all"). Since these local users are also the FW-administrators, I've created the same users under Device/Administrators and linked the appropriate Authentication Profile to them.


After this, the administrators are unable to change their passwords on the Device/Local users page with the error message:

"Admin user "USERNAME" is defined with authentication profile, cannot set password".


The same error message pops up when I try to change the password in CLI. I am unable to change the Auth Profile to none on the Administrator page with the same error message.


Workaround is creating user, change pw and then add it to Auth Profile.


I have the same setup working on another PA-440 but with PanOS 10.1.x

Could you guys advise? I haven't found this on the support portal under 10.2.2 known issues.


This behavior isn't there on PAN-OS 10.1 but starts popping up on PAN-OS 10.2.x




TAC recognized the behavior and a fix is coming in an upcoming release.


NOTE: At the moment of writing this, PAN-OS 10.2.3 is the recommended release for 10.2.x and it's still showing the same behavior.

Rate this article:
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎12-16-2022 06:09 AM
Updated by: