Configure rsa with palo alto radius protocol

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Configure rsa with palo alto radius protocol

L1 Bithead

Palo alto integrate with Rsa Authentication Manager . I have configured Global protect which is working fine, now end users will authenticate with RSA using radius . Kindly share proper steps of configuration . I have tried as per document but some errors are showing . Thanks .

7 REPLIES 7

Cyber Elite
Cyber Elite

@Syedhammadali123,

It would be easier if you simply stated what you are having an issue with, instead of asking for yet another guide to be created. What errors are you actually getting? 

Error is mentioned below . 

 

Target vsys is not specified , user "faizan" is assumed to be configured with a shared authentication profile . 

 

@Syedhammadali123,

Use the CLI command 'test authentication authentication-profile' and build out a complete command and post the output.

Most useful information is going to be coming from the actual RADIUS server logs on the RSA server itself to see exactly why the auth request is failing. Also worth double checking the shared secret and noting what Auth Protocol you have configured on the server profile. Lets get the output of the above test though first, it could be something extremely simple to identify with that output. 

okay i will check the output with this commad . 

@BPry 

Output of test authentication authentication-profile <auth profile >  username <username>  password

 

''Target vsys is not specified , user "faizan" is assumed to be configured with a shared authentication profile ''

 

Using Palo Alto 850.

 

 

 

@Syedhammadali123,

Please actually post the entire output, not just repeating the original message. To be clear, the "error" you keep repeating isn't an error message, unless you've set the target vsys on the system prior to testing it will only look in the shared auth profiles. The message doesn't indicate a failure to auth against the Radius server, which is why I need to full output of the test command. 

If the only "error" you are getting is this message and your auth request actually returns a valid response, everything is functioning as designed; the message is simply stating that you didn't specify a vsys and is therefore only going to utilize any shared profiles that have been configured. 

IMG-20190628-WA0005.jpeg

Dear basically issue has been resolved . Invalid radius response error was coming as showing on above snapshot. Due to screte key mis match this error was coming . Thanks for your kind responses which is highly appriciated . 

  • 5427 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!