Panorama standby password expired

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama standby password expired

L3 Networker

Hi,

 

One of my accounts on Panorama standby doesn't let me login. I get "Password expired" message. I tired to change password for active unit and that still did not fix issue. I tired to delete and recreate account from active unit that still did not fix issue. How can I clear this flag on standby unit without making it active and changing password on it.

 

failed authentication for user 'junior'.  Reason: Password expired. User Locked out. From: 10.200.200.90.

 

Thanks

6 REPLIES 6

Cyber Elite
Cyber Elite

the user is locked so you won't be able to login even if you do change the pasword, you'll need to wait untill the lock ends or log in with a different user and unlock the user

> request authentication unlock-admin user <value>

there is no need to switch to an active state to perform any of these tasks

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi,

 

That command wont work for users that have expired password. Is there a command to reset expiry without flipping to standby and changing password?

 

Reason: Password expired. User Locked out.

 

Thanks

 

I'm not sure what you mean by 'flipping to standby', you should not change the active membership status of a cluster member to execute this type of action. Commands can be executed on the passive member without it needing to be active

 

You do, however, need to log on as a different user and perform the password change, commit and unlock

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

On Standby Panorama you are not aloud to make changes to shared configuration. IE User accounts. I have a user with expired password on Standby unit but on active unit its fine. I can flip to standby unit triger a password change then flip back this will fix the issue but not the correct way it should be done.

I am guessing no one knows? lol

have you tried resetting the password in the meanwhile?

 

it's true you can't write new config on a passive panorama, but you can change passwords

 

since no one else on the forum seems to have encountered this issue, have you been in contact with TAC? might be helpful if you post the outcome here

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 2449 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!