05-12-2021 12:30 PM
I have a new Palo Alto 820 and my Radius server is a Juniper running 9.1 . At this time my Cisco and other device use a share key to Authenticate to the Juniper device. On the Palo 820 Pan os 9.1.4 it want me to use the following Auth methods "PEAP-MSCHAPv2, PEAP with GTC, EAP-TTLS with PAP, CHAP, PAP" which I do not use. I want to know how I can get around this issue so we can use the radius server to grant access to the users.
Is there a command line that will send the share key not encrypted.
thank you
Eddy
05-13-2021 10:28 AM
Hello,
I cant say there is a work around other than allowing those methods on the Radius server. What is the use case for this? Perhaps we can suggest something else, perhaps ldap authentication?
Regards,
05-13-2021 08:27 PM
I actually wrote a commend earlier to this forgetting that PAN-OS even still supported standard PAP authentication. Honestly, I would never really recommend it at this point since the vast majority of devices actually support stronger authentication protocols and have for a while.
With that being said, I actually think you should be able to get this to work by setting up the RADIUS server profile for your Juniper radius-server using PAP. I would strongly recommend following @OtakarKlier's recommendation and actually moving to a secure configuration and not using PAP RADIUS settings.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
