Palo alto integrate with Rsa Authentication Manager . I have configured Global protect which is working fine, now end users will authenticate with RSA using radius . Kindly share proper steps of configuration . I have tried as per document but some errors are showing . Thanks .
It would be easier if you simply stated what you are having an issue with, instead of asking for yet another guide to be created. What errors are you actually getting?
Use the CLI command 'test authentication authentication-profile' and build out a complete command and post the output.
Most useful information is going to be coming from the actual RADIUS server logs on the RSA server itself to see exactly why the auth request is failing. Also worth double checking the shared secret and noting what Auth Protocol you have configured on the server profile. Lets get the output of the above test though first, it could be something extremely simple to identify with that output.
Output of test authentication authentication-profile <auth profile > username <username> password
''Target vsys is not specified , user "faizan" is assumed to be configured with a shared authentication profile ''
Using Palo Alto 850.
Please actually post the entire output, not just repeating the original message. To be clear, the "error" you keep repeating isn't an error message, unless you've set the target vsys on the system prior to testing it will only look in the shared auth profiles. The message doesn't indicate a failure to auth against the Radius server, which is why I need to full output of the test command.
If the only "error" you are getting is this message and your auth request actually returns a valid response, everything is functioning as designed; the message is simply stating that you didn't specify a vsys and is therefore only going to utilize any shared profiles that have been configured.
Dear basically issue has been resolved . Invalid radius response error was coming as showing on above snapshot. Due to screte key mis match this error was coming . Thanks for your kind responses which is highly appriciated .
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!