Managing Local Admin Through Panorama Template


So, we are (slowly) transitioning our devices to 5.x code to fully utilize the templates via Panorama.  One of the items I was looking into transitioning is the local admin account.  However, from my testing, I don't know that this is possible.  We have a 90-day password rotation on all our passwords so we need to change that admin password as well.  Currently, we have run a job out of Solarwinds, but I was trying to see if this could be accomplished via the template.  The good news is that it lets me create the admin account and it pushes it down via the template.  The bad news is that when I try to revert the admin account from local to use the template, I get the error:

     1- Failed to revert Administrators - admin.

Administrator not allowed to delete own account

Is it even possible to administer that default admin account via the template?  I can think of a couple ways to try and work around it, but before I go too deep, I just wanted to float it to the community.

Thanks!

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi,

If I understand the issue correctly, you are trying to modify or change the admin account password of the firewalls through templates.

You should be able to do this with any issues.

However, if you are changing the admin password on the Panorama itself, then you will have to log in with another superuser and modify the admin user's password.

You cannot modify the password of a user you are logged in with.


Thank you

Numan


3 REPLIES

L5 Sessionator

From the error message, it looks like you're trying to delete/modify a username using which you have logged in. If you want to delete a super user, make sure that you are not logged in with that username.

Hello,

Yes, we can modify the default admin account through the template.

[Image: admin-temp.PNG.png]

I went ahead on Panorama and created an admin account with a different password (local device has admin account with password as admin) and forced the template values to the firewall.

CommitAll succeeds and the password was changed to the new password. The old password could not log me in.

The image above explains this, with a slight green box next to admin indicating it's a template push.

This confirms you can change and modify admin accounts from Panorama templates.

Thanks
