Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-02-2015 07:29 AM
Currently we have been working with setting up Access Domain accounts for our server admins to have restricted RO access to traffic logs and policy rules. The configuration appears sound but all testing using either local or radius/ldap auth accounts have proven to fail. Recieving the following message each time the CORRECT password and login name are entered and clicked login. All other admin accounts using a dynamic or role-based profile work without issues.
Has anyone else seen this issue?
11-03-2015 04:48 AM
Check the system log in monitor. There should be a more specific failure message there.
For RADIUS also check the log on your RADIUS server to confirm the request is reaching and being processed and passed. We generally run wireshark here so we can follow the entire transaction.
11-03-2015 09:02 AM
Thanks Steve but the system logs was one of the first places I looked and it displays a successful authentication from all auth types local/radius/ldap.
11-04-2015 03:58 PM
I agree with pulukas, if the PAN shows a successful attempt in its logs, check the other side of things, i.e. RADIUS, LDAP, etc.
11-07-2015 06:45 AM
If the monitor log shows success, and the login is actually denied this is probably a bug and you will need to open a support case on this.
For the support case a wireshark of the RADIUS transaction would be the fastest path to an ultimate solution and bug fix.
11-10-2015 06:31 AM
I have had a TAC case open for the last 2 weeks and is currently status research. The issue appears to be bug related so far. LDAP and Radius are not the issue as we are having the access domain issue on local accounts and all other admin accounts (Role/Dynamic) that leverage LDAP and Radius are functioning. Once I hear back from TAC I will post an update.
Thanks
11-10-2015 11:30 AM
I am running Panorama 7.0.3 with Access Domains configured for local admin accounts. It is working fine for me. Have you tried to define a new Access Domain & admin role with a new admin login account? Maybe some parameter/setting is corrupted.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
