This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Panorama standby password expired

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama standby password expired

junior_r
L3 Networker

‎09-25-2017 02:38 PM

Hi,

 

One of my accounts on Panorama standby doesn't let me login. I get "Password expired" message. I tired to change password for active unit and that still did not fix issue. I tired to delete and recreate account from active unit that still did not fix issue. How can I clear this flag on standby unit without making it active and changing password on it.

 

failed authentication for user 'junior'.  Reason: Password expired. User Locked out. From: 10.200.200.90.

 

Thanks

0 Likes Likes
6 REPLIES 6

reaper
Cyber Elite
Cyber Elite

‎09-25-2017 11:52 PM

the user is locked so you won't be able to login even if you do change the pasword, you'll need to wait untill the lock ends or log in with a different user and unlock the user

> request authentication unlock-admin user <value>

there is no need to switch to an active state to perform any of these tasks

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

junior_r
L3 Networker
In response to reaper

‎09-26-2017 05:12 AM

Hi,

 

That command wont work for users that have expired password. Is there a command to reset expiry without flipping to standby and changing password?

 

Reason: Password expired. User Locked out.

 

Thanks

0 Likes Likes

reaper
Cyber Elite
Cyber Elite
In response to junior_r

‎09-26-2017 06:54 AM

 

I'm not sure what you mean by 'flipping to standby', you should not change the active membership status of a cluster member to execute this type of action. Commands can be executed on the passive member without it needing to be active

 

You do, however, need to log on as a different user and perform the password change, commit and unlock

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

junior_r
L3 Networker
In response to reaper

‎09-26-2017 05:53 PM

On Standby Panorama you are not aloud to make changes to shared configuration. IE User accounts. I have a user with expired password on Standby unit but on active unit its fine. I can flip to standby unit triger a password change then flip back this will fix the issue but not the correct way it should be done.

0 Likes Likes

junior_r
L3 Networker
In response to junior_r

‎10-10-2017 06:08 PM

I am guessing no one knows? lol

0 Likes Likes

reaper
Cyber Elite
Cyber Elite
In response to junior_r

‎10-11-2017 12:37 AM - edited ‎10-11-2017 01:02 AM

have you tried resetting the password in the meanwhile?

 

it's true you can't write new config on a passive panorama, but you can change passwords

 

since no one else on the forum seems to have encountered this issue, have you been in contact with TAC? might be helpful if you post the outcome here

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes
  • 2816 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks