03-21-2017 12:42 AM
Hi All,
I have met a problem with access to my Active Pan Device by Web Admin GUI.
I can access by SSH Console and I can access to Standby Device in HA System.
My device: PAN 3020, OS Version 6.1.4.
Have anyone meet the same problem, please share the solutions.
Error logs
---------------------
2017-03-21 11:04:21.009 +0700 Error: pan_authd_user_is_lockedout(pan_authd_localdb_utils.c:389): failed to prepare sql statement: select * from profiledb where vsysname=? and profilename=?
2017-03-21 11:04:21.012 +0700 Error: pan_auth_user_is_in_locklist(pan_authd_localdb_utils.c:177): failed to prepare sql statement: select * from locklist where vsysname=? and profilename=? and lower(username)=lower(?) and flags<>?
2017-03-21 11:04:21.013 +0700 Error: pan_auth_lock_user(pan_authd_localdb_utils.c:853): failed to lock user <shared,__dummy_%_admin_%_profile__,apiconfig>
2017-03-21 11:04:21.014 +0700 Error: pan_authd_user_auth_failure_alarm_gen(pan_authd_localdb_utils.c:663): failed to prepare sql statement: select * from profiledb where vsysname=? and profilename=?
2017-03-21 11:06:25.975 +0700 Error: pan_authd_handle_get_pwchange_required(pan_authd.c:3041): Failed in get_pwchange_required.
2017-03-21 11:06:26.082 +0700 Error: pan_auth_get_lastpwchange(pan_authd_localdb_utils.c:2943): Error in preparing sql statement.Could not access password history.
2017-03-21 11:06:26.082 +0700 Error: pan_auth_set_lastpwchange(pan_authd_localdb_utils.c:2994): Error getting lastpwchange for user:user1
2017-03-21 11:06:26.082 +0700 Error: pan_authd_handle_set_lastpwchange(pan_authd.c:2971): Failed to set lastpwchange.
2017-03-21 11:06:26.604 +0700 Error: pan_authd_admin_unlock_complete_handler(pan_authd_ops.c:482): failed to prepare sql statement: select * from authseqdb
2017-03-21 11:06:26.605 +0700 Error: cfgagent_doop_callback(pan_cfgagent.c:512): Failed to handle op command for agent:
2017-03-21 11:06:43.304 +0700 Error: pan_authd_admin_unlock_complete_handler(pan_authd_ops.c:482): failed to prepare sql statement: select * from authseqdb
2017-03-21 11:06:43.304 +0700 Error: cfgagent_doop_callback(pan_cfgagent.c:512): Failed to handle op command for agent:
2017-03-21 11:07:19.557 +0700 Error: pan_cfg_parse_authprofiles(pan_authd_ludb.c:1005): lockout time value missing
2017-03-21 11:07:19.558 +0700 Error: pan_cfg_parse_authprofiles(pan_authd_ludb.c:1005): lockout time value missing
2017-03-21 11:07:19.746 +0700 Error: pan_ludb_unmark_all(pan_authd_ludb.c:1640): failed to unmark rows in db: unable to open database file
2017-03-21 11:07:19.746 +0700 Error: pan_ludb_update_user_db(pan_authd_ludb.c:1764): failed to unmark rows in db
2017-03-21 11:07:19.747 +0700 Error: pan_ludb_update_profiledb(pan_authd_ludb.c:2189): failed to drop table in db: unable to open database file
2017-03-21 11:07:19.747 +0700 Error: pan_ludb_update_auth_db(pan_authd_ludb.c:3141): failed to update profile db
2017-03-21 11:07:19.747 +0700 Error: pan_ludb_update_adminuser_db(pan_authd_ludb.c:3075): failed to drop adminusers table in db: unable to open database file
2017-03-21 11:07:19.748 +0700 Error: pan_ludb_update_ssh_authkey(pan_authd_ludb.c:3048): Could not set ssh-authentication public key for admin2017-03-21 11:07:19.748 +0700 debug: pan_cfg_set_ssh_auth_public_key(pan_cfg_utils.c:7497): Public key format = OpenSSH, type = RSA
2017-03-21 11:07:19.815 +0700 Error: pan_ludb_update_ssh_authkey(pan_authd_ludb.c:3048): Could not set ssh-authentication public key for giangpd2017-03-21 11:07:19.816 +0700 Error: pan_ludb_update_ssh_authkey(pan_authd_ludb.c:3048): Could not set ssh-authentication public key for apiconfig2017-03-21 11:07:19.816 +0700 Error: pan_ludb_update_ssh_authkey(pan_authd_ludb.c:3048): Could not set ssh-authentication public key for xemconfig2017-03-21 11:07:19.816 +0700 Error: pan_ludb_update_ssh_authkey(pan_authd_ludb.c:3048): Could not set ssh-authentication public key for xemreport2017-03-21 11:07:19.816 +0700 Error: pan_ludb_update_ssh_authkey(pan_authd_ludb.c:3048): Could not set ssh-authentication public key for user12017-03-21 11:07:19.816 +0700 Error: pan_ludb_update_ssh_authkey(pan_authd_ludb.c:3048): Could not set ssh-authentication public key for checkarp2017-03-21 11:07:19.816 +0700 Error: pan_ludb_update_ssh_authkey(pan_authd_ludb.c:3048): Could not set ssh-authentication public key for user12017-03-21 11:07:19.816 +0700 Error: pan_authd_remove_pwhistory(pan_authd_localdb_utils.c:3100): failed to remove all users from pwhistory
2017-03-21 11:07:19.816 +0700 Error: pan_authd_delete_expired_login_count(pan_authd_ludb.c:4092): Error delete login count from login history.Could not access login history.
---------------------
Thanks in advances.
03-21-2017 05:54 AM
It looks like your account has been locked out for some reason. You could attempt to tail follow yes mp-log authd.log and see what it says for sure. I'm not positive if the sql statement errors are being generated because of a further pressing issue or if that is simply tied to the account being locked out.
Ps: Update your dang systems man! 6.1.4 is out of date even in the 6.1.* line!
03-21-2017 08:20 PM
Hi BPry,
Thanks a lot your reponse.
"It looks like your account has been locked out for some reason." -> Yes, it's exprired by password profile (account not use in amount time).
But with the backup admin account (never exprired), I also not access to Web GUI with this account (only access to CLI).
Result of "tail follow yes mp-log authd.log" command, plz reivew it:
2017-03-22 10:04:20.832 +0700 Error: pan_auth_user_is_in_locklist(pan_authd_localdb_utils.c:177): failed to prepare sql statement: select * from locklist where vsysname=? and profilename=? and lower(username)=lower(?) and flags<>? 2017-03-22 10:04:20.833 +0700 Error: pan_auth_lock_user(pan_authd_localdb_utils.c:853): failed to lock user <shared,__dummy_%_admin_%_profile__,apiconfig> 2017-03-22 10:04:20.833 +0700 Error: pan_authd_user_auth_failure_alarm_gen(pan_authd_localdb_utils.c:695): failed to prepare sql statement: select * from locklist where vsysname=? and profilename=? and lower(username)=lower(?) and flags<>? 2017-03-22 10:04:20.833 +0700 debug: pan_authd_process_authresult(pan_authd.c:1399): Alarm generation set to: False. 2017-03-22 10:04:20.833 +0700 User 'abc' failed authentication. Reason: Invalid username/password From: 192.168.x.x. 2017-03-22 10:04:20.833 +0700 debug: pan_authd_generate_system_log(pan_authd.c:866): CC Enabled=False 2017-03-22 10:06:20.966 +0700 debug: pan_authd_service_req(pan_authd.c:3324): Authd:get group request 2017-03-22 10:06:20.966 +0700 debug: pan_authd_handle_group_req(pan_authd.c:3211): Got user role/adomain / for user xxx 2017-03-22 10:06:20.968 +0700 Error: pan_authd_inc_expired_login_count(pan_authd_ludb.c:3986): Error in binding username to sql statement.Could not access login history. 2017-03-22 10:06:20.968 +0700 Error: pan_authd_handle_group_req(pan_authd.c:3259): Failed to increment login count for xxx
Ps: Update your dang systems man! 6.1.4 is out of date even in the 6.1.* line! -> Thanks a lot for your remind, I will update asap ^_^
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
