RADIUS Authentication Still Prompts for Password Change

I have a stand-alone system which is utilizing two Palo Alto 220 Firewalls. As part of this system, I have RADIUS policies configured on a Windows server to provide domain-admin access to the device. On one PA220 I am able to log in with my domain credentials and access the device without issue. On the other PA220 I am able to log in with domain credentials as well. However, once logged in I am brought to a page that prompts me to change my password. It has a field for Old Password, New Password and New Password verification. I am not able to navigate beyond this prompt. If I try to submit the form without inputting any values it errors saying "password required." If I submit the form with appropriate values (old password and a new password) it errors saying "Cannot change password for remote users."

What could be causing this to occur? I know my RADIUS is working as it should and the two PA220s are configured identically despite one functioning and the other not.

I still have a local admin account on the device, so I am able to make changes; I just don't know what needs to be changed (the local admin account is not being prompted to change its password).


Things I have tried:

Compared the "working" PA220 to the "non-working" PA220

Looked through device settings for misconfigurations

Ensured "change password at first login" has been disabled

Deleted authentication profiles and re-added them

Deleted users and re-added them

Committing changes

Rebooting device



Any advice/suggestion would be greatly appreciated!


