000022626 - Windows authentication does not work in RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000022626
Applies To: RSA ClearTrust 5.0.1 Authorization Server (AServer)
Microsoft Windows 2000
Issue: Windows authentication does not work in RSA ClearTrust
The ClearTrust Authorization Server Debug output reports: "returning {AUTHENTICATION_RESULT=INVALID_PASSWORD, RETURN_CODE=INVALID_USER} (AuthResult.BAD_PASSWORD)"
The aserver.log reports: "Authentication Failure,Result Reason = Bad Password"
Cause: The LDAP attribute mapped for cleartrust.data.ldap.user.dnattribute (in ldap.conf) was a multivalued attribute.
The Windows authentication mechanism uses the attribute mapped for user.dnattribute (UID on iPlanet, CN on Active Directory) to perform Windows authentication. UID cannot be a multivalued attribute. If this value is multivalued, the mechanism may not submit the correct value.
Resolution: As documented in the RSA ClearTrust 5.0.1 Installation and Configuration Guide, page 173, user.dnattribute cannot be multivalued. Ensure the attribute mapped for this parameter is not multivalued.
Workaround: Configured RSA ClearTrust Agent and aserver.conf (the Authorization Server) for Windows authentication
Legacy Article ID: a15156
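
One way to check a directory for the condition described under Cause is to scan an LDIF export of the user subtree for entries that carry more than one value of the attribute mapped to user.dnattribute. The script below is an added example, not RSA code; it assumes the export is plain LDIF text and that the mapped attribute is uid, and the sample entries are constructed for illustration.

```python
import base64

# Constructed sample LDIF export (not from the article).
SAMPLE_LDIF = "\n".join([
    "dn: uid=asmith,ou=People,dc=example,dc=com",
    "uid: asmith",
    "",
    "dn: uid=bjones,ou=People,dc=example,dc=com",
    "uid: bjones",
    "uid: bob.jones",
    "",
    "# folded DN line and a base64-encoded second value",
    "dn: uid=cwu,ou=People,dc=exam",
    " ple,dc=com",
    "UID: cwu",
    "uid:: Y2hyaXMud3U=",
])

def unfold(ldif_text):
    """Join LDIF continuation lines (leading space), then drop comments."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [ln for ln in lines if not ln.startswith("#")]

def multivalued_entries(ldif_text, attr):
    """Return {dn: [values]} for every entry with more than one value of attr."""
    attr, found, dn, values = attr.lower(), {}, None, []
    for line in unfold(ldif_text) + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None and len(values) > 1:
                found[dn] = values
            dn, values = None, []
            continue
        name, _, rest = line.partition(":")
        value = rest.lstrip(":").strip()
        if rest.startswith(":"):  # "attr:: value" means the value is base64
            value = base64.b64decode(value).decode("utf-8", "replace")
        if name.lower() == "dn":
            dn = value
        elif name.lower() == attr:  # LDAP attribute names are case-insensitive
            values.append(value)
    return found

if __name__ == "__main__":
    print(multivalued_entries(SAMPLE_LDIF, "uid"))
```

Any DN the function returns holds more than one value for the mapped attribute and is a candidate for the Bad Password failure described above.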