admin auth failed


L0 Member

Hi Support team,

I tried to authenticate admin with RADIUS, but failed.

The following message appeared in System logs:

- User 'komure' failed authentication. Reason: User is  not in allowlist

What does it mean?

device : PA-500

PANOS : 3.1.0

Regards,

Tomoyuki Komure

15 REPLIES

Not applicable

Brilliant. Thanks for the great write-up. I have spent a few hours troubling with this.

Arnljot

I'm still struggling trying to authenticate a group of users as Palo Alto admins. These users are not in any one particular group. I get the error 'Authentication profile not found for the user'. I just want to create a list of IDs for Palo Alto to query AD for using LDAP. Is the problem that PA will only search for groups or at a particular search base DN? It can't search nested groups.

I also am lost on how to turn debugging on just for this process. It would be good to see what the PA queries for.

A 'test authentication' applet in the GUI might be a good thing to add.

Any help would be appreciated.

You can define an Authentication Profile, use LDAP for the auth method, and type in 'all' for the allow user. The 'all' means any users in your AD/LDAP with valid username/password will be permitted as an admin. I use this for testing only. NOTE: 'all' is really all without the quotes.

Once that works, you then permit specific users or groups to be admins by replacing the 'all' with actual AD usernames/groups.

You mean in the auth profile I add all? Like in the attached picture? Cause that didn't work.

What do you use for login attribute? sAMAccountName?

That's correct - for LDAP, you also need to add the user here:

Screen shot 2011-03-02 at 18.51.50.png

This is why RADIUS can be more scalable if you have a high number of admins:

https://live.paloaltonetworks.com/docs/DOC-1701

Thanks

James

Thanks that worked.
