06-26-2017 08:05 AM
Hello,
Currently I have Duo working with vpn on Palo Alto Firewalls on 7.x OS successfully. However it does not work with Palo 8.x OS. This needs to be addressed A.S.A.P as 8.x has been out since January 2017. Please assign the appropriate personnel to this so Duo can get updated and working again please.
The error seen when using Duo with 8.x is:
2017-06-23 09:53:22-0600 [DuoForwardServer (UDP)] ((’’, ), 12): Only PAP with a Shared Secret format or CHAP2 are supported. Is the system communicating with the Authentication Proxy using CHAP or something else instead?
2017-06-23 09:53:22-0600 [DuoForwardServer (UDP)] ((’’, ), 12): No password or CHAP2 attributes provided
2017-06-23 09:53:22-0600 [DuoForwardServer (UDP)] ((’’, ), 12): Returning response code 3: AccessReject
Thank you,
Ken
06-28-2017 06:25 AM
Can you configure the Duo RADIUS authentication server to use PAP instead of CHAP as mentioned in step 1.4 here:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/configure-radius-authentication?
06-30-2017 08:51 AM
Thank you, it looks like they added that option v8. After testing changing to PAP resolved the issue.
Thanks!
06-30-2017 10:18 AM
Thanks for the follow up! We’ll be updating our Palo Alto instructions for v8 this quarter.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: