We have a PA-220 running PAN-OS 10.1.9 on which we changed the password for one of the admin accounts. Config audit shows the phash changed. Committed and the commit succeeded. Tried to log in with the new password and failed. Tried the old password and it worked.
We have tried this several times and although the commit succeeds, the password does not actually get changed.
What could we be missing?
After hours with TAC, it was determined that admin accounts were locked and could not be effectively unlocked. The locked users db was corrupted possibly by an unexpected shutdown. Deleting the files resolved the issue. Quick resolution once the issue was known.
Is this an HA setup where somehow the password gets resynced?
Have you tried commit force?