000014874 - Cisco Wireless Client is not prompting for passcode using radius from Authentication Manager 7.1

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support on Aug 23, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000014874
Applies ToSecurID Appliance 3.0
Redhat Linux 5.1
RSA Authentication Manager 7.1
Cisco Wireless LAN Controller 4402
Cisco Security Services Client
IssueCisco Wireless Client is not prompting for passcode using radius from Authentication Manager 7.1
Radius trace data from Authentication Manager 7.1 data indicates that the server sending the "Enter the Password" prompt instead of "Enter Passcode" prompt.
Only the wireless clients using EAP-PEAP get password prompt. All other radius clients passcode prompt.
The same wireless clients using EAP-PEAP get correct passcode prompt from radius server in RSA Authentication Manager 6.1

05/26/2009 10:11:08 000: 010b001d 06456e74 65722053 65637572 |.....Enter Secur|

05/26/2009 10:11:08 010: 49442050 41535343 4f44453a 20 |ID PASSCODE: |  These lines are missing from Radius trace file from Auth manager 7.1


There is a difference in radius/peapauth.aut file between RSA Authentication Manager 6.1 and 7.1.
The peapauth.aut file in 6.1 Authentication Manager had below values:
PEAP_Min_Version = 0
PEAP_Max_Version = 0
The default installation of Authentication Manager 7.1 has the value PEAP_Max_Version = 1


On RSA Authentication Manager 7.1, log on to Operations console ----> RADIUS ---- > Manage Existing ------- > Select Primary Radius server --->
Select Manage Radius Server

Click on Edit Server Configuration Files

Edit Peapauth.aut file

PEAP_Min_Version = 0
PEAP_Max_Version = 0  ( The default value is 1 in Authentication Manager 7.1. Change it to zero)
Save the file.

The changes made to configuration files will not be updated on replica. Copy peapauth.aut and ttlsauth.aut files from radius directory to replica servers manually.

Legacy Article IDa48150