I add the same error but with ldap and ssl, and i switch the authentication profile (that i add LDAP) and switch to authentication none. I add to include the group where the users belongs to. In radius you can check the user group that the user belongs.
And worked for me.
If you are using RADIUS for authentication, it's going to be two parts. First, you must allow the RADIUS authentication. I would pick a global group like "Authenticated Users" or "Domain Users" in your RADIUS policy.
Then you have to allow the user in either the Administrators list under the Device tab, or the Authentication Profile you are using for your SSL VPN.
Could some one please post a working example of administrator authentication via LDAP?
I have many non-Palo devices working like a treat but I can't seem to get the Palo to work!
I can't even find anything in the log and doing a debug ldap-server stats shows the server as not running!
If there a better way to test? Some log that may indicate as to why it is not making a connection e.g. invalid bind DN etc?
I believe you can only use RADUIS if you want to authenticate an administrative user to the PAN Device. I see two options when configuring a new administrative user, Local DB and RADIUS.
You can use the PAN Agent to authenticate users using LDAP if you want to setup security policies with source users.
Starting in version 3.1.x, you can define authentication profile which uses local DB, Radius, or LDAP. The administrators can be authenticated to the profile of your choosing and admin auth can use local DB, Radius, or LDAP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!