Configure rsa with palo alto radius protocol

Reply
Highlighted
L1 Bithead

Configure rsa with palo alto radius protocol

Palo alto integrate with Rsa Authentication Manager . I have configured Global protect which is working fine, now end users will authenticate with RSA using radius . Kindly share proper steps of configuration . I have tried as per document but some errors are showing . Thanks .

Highlighted
Cyber Elite

Re: Configure rsa with palo alto radius protocol

@Syedhammadali123,

It would be easier if you simply stated what you are having an issue with, instead of asking for yet another guide to be created. What errors are you actually getting? 

Highlighted
L1 Bithead

Re: Configure rsa with palo alto radius protocol

Error is mentioned below . 

 

Target vsys is not specified , user "faizan" is assumed to be configured with a shared authentication profile . 

 

Highlighted
Cyber Elite

Re: Configure rsa with palo alto radius protocol

@Syedhammadali123,

Use the CLI command 'test authentication authentication-profile' and build out a complete command and post the output.

Most useful information is going to be coming from the actual RADIUS server logs on the RSA server itself to see exactly why the auth request is failing. Also worth double checking the shared secret and noting what Auth Protocol you have configured on the server profile. Lets get the output of the above test though first, it could be something extremely simple to identify with that output. 

Highlighted
L1 Bithead

Re: Configure rsa with palo alto radius protocol

okay i will check the output with this commad . 

Highlighted
L1 Bithead

Re: Configure rsa with palo alto radius protocol

@BPry 

Output of test authentication authentication-profile <auth profile >  username <username>  password

 

''Target vsys is not specified , user "faizan" is assumed to be configured with a shared authentication profile ''

 

Using Palo Alto 850.

 

 

 

Highlighted
Cyber Elite

Re: Configure rsa with palo alto radius protocol

@Syedhammadali123,

Please actually post the entire output, not just repeating the original message. To be clear, the "error" you keep repeating isn't an error message, unless you've set the target vsys on the system prior to testing it will only look in the shared auth profiles. The message doesn't indicate a failure to auth against the Radius server, which is why I need to full output of the test command. 

If the only "error" you are getting is this message and your auth request actually returns a valid response, everything is functioning as designed; the message is simply stating that you didn't specify a vsys and is therefore only going to utilize any shared profiles that have been configured. 

Highlighted
L1 Bithead

Re: Configure rsa with palo alto radius protocol

IMG-20190628-WA0005.jpeg

Dear basically issue has been resolved . Invalid radius response error was coming as showing on above snapshot. Due to screte key mis match this error was coming . Thanks for your kind responses which is highly appriciated . 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!