Can somebody tell me how to configure the Radius authentification for
I have configured the "Authentication Profile" with a Radius Server (IP, Secret).
I have added an Active Directory Group in the allow list. So, the AD agent is working!
I know that the agent is not necessary.
The Radius is an Windows 2008 Server. I have configured them with the explanaition
in this Knowledge Point (https://live.paloaltonetworks.com/docs/DOC-1232)!
When I try to authenticate myself, I get an error (Radius Server) that my Username and/or Password are wrong.
When I use the Captive Portal with the same Radius Server, then it works.
When I use the local database for the SSL-VPN authentication, then it works immediately.
So, can somebody tell me what I'm doing wrong!
Is there a hidden property that I have to set!?
If Radius is working for the management login and not for the SSL VPN, there may be a config in the PAN that isn't correct. You may want to check the domain name in the Authentication Profile and verify that it is lower case. For further troubleshooting please contact Tech Support.
Thank you for your answer.
We have tried different configs.
The domain name in lower and upper case, the whole domain string or no doamin string.
But nothing seems to be working.
Only when we add the NT-Domain name in lower cases,
the PaloAlto send the request to the Radius, in the other cases
the PaloAlto drops the authentication and said "User not allowed".
Then there is no matching with the allow list for the SSL-VPN!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!