Authentication server option

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Authentication server option

L0 Member

I have a new Palo Alto 820 and my Radius server is a Juniper running 9.1 .  At this time my Cisco and other device use a share key to Authenticate to the Juniper device.  On the Palo 820 Pan os 9.1.4 it want me to use the following Auth methods "PEAP-MSCHAPv2, PEAP with GTC, EAP-TTLS with PAP, CHAP, PAP" which I do not use.  I want to know how I can get around this issue so we can use the radius server to grant access to the users.

 

Is there a command line that will send the share key not encrypted.

 

thank you

 

Eddy

 

 

 

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello,

I cant say there is a work around other than allowing those methods on the Radius server. What is the use case for this? Perhaps we can suggest something else, perhaps ldap authentication?

 

Regards,

Cyber Elite
Cyber Elite

@EddyFonseca,

I actually wrote a commend earlier to this forgetting that PAN-OS even still supported standard PAP authentication. Honestly, I would never really recommend it at this point since the vast majority of devices actually support stronger authentication protocols and have for a while. 

With that being said, I actually think you should be able to get this to work by setting up the RADIUS server profile for your Juniper radius-server using PAP. I would strongly recommend following @OtakarKlier's recommendation and actually moving to a secure configuration and not using PAP RADIUS settings. 

  • 1763 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!