06-26-2017 08:05 AM
Hello,
Currently I have Duo working with vpn on Palo Alto Firewalls on 7.x OS successfully. However it does not work with Palo 8.x OS. This needs to be addressed A.S.A.P as 8.x has been out since January 2017. Please assign the appropriate personnel to this so Duo can get updated and working again please.
The error seen when using Duo with 8.x is:
2017-06-23 09:53:22-0600 [DuoForwardServer (UDP)] ((’’, ), 12): Only PAP with a Shared Secret format or CHAP2 are supported. Is the system communicating with the Authentication Proxy using CHAP or something else instead?
2017-06-23 09:53:22-0600 [DuoForwardServer (UDP)] ((’’, ), 12): No password or CHAP2 attributes provided
2017-06-23 09:53:22-0600 [DuoForwardServer (UDP)] ((’’, ), 12): Returning response code 3: AccessReject
Thank you,
Ken
06-28-2017 06:25 AM
Can you configure the Duo RADIUS authentication server to use PAP instead of CHAP as mentioned in step 1.4 here:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/configure-radius-authentication?
06-30-2017 08:51 AM
Thank you, it looks like they added that option v8. After testing changing to PAP resolved the issue.
Thanks!
06-30-2017 10:18 AM
Thanks for the follow up! We’ll be updating our Palo Alto instructions for v8 this quarter.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide