000022236 - No user or password in the packet

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000022236
Applies To: RSA ACE/Server 5.1 (no longer supported as of 7-14-2006)
RSA ACE/Server 5.2
RSA Authentication Manager 6.0
Microsoft Windows 2000
Microsoft Windows Server 2003
UNIX
RADIUS
Issue: No user or password in the packet
No message appears in RSA ACE/Server activity log

If RADIUS debug is enabled on RSA ACE/Server or RSA Authentication Manager, the following output is seen:

adius/ace_radius/ace_radius_receive.cpp(174): Received auth packet
adius/ace_radius/ace_radius_database.cpp(416): Attribute 1 Length 36
adius/ace_radius/ace_radius_database.cpp(416): Attribute 3 Length 19
adius/ace_radius/ace_radius_database.cpp(416): Attribute 6 Length 6
adius/ace_radius/ace_radius_database.cpp(416): Attribute 7 Length 6
adius/ace_radius/ace_radius_database.cpp(416): Attribute 61 Length 6
adius/ace_radius/ace_radius_database.cpp(416): Attribute 4 Length 6
adius/ace_radius/ace_radius_database.cpp(416): Attribute 44 Length 17
adius/ace_radius/ace_radius_database.cpp(573): No user or password in the packet
adius/ace_radius/ace_radius_database.cpp(1131): Looking in cache.
adius/ace_radius/ace_radius_dbapi.cpp(384): Get NAS Secret - Start.
adius/ace_radius/ace_radius_dbapi.cpp(504): No trusted mode
adius/ace_radius/ace_radius_dbapi.cpp(513): Search by address (144.130.4.5)
adius/ace_radius/ace_radius_dbapi.cpp(557): Found client right away.
adius/ace_radius/ace_radius_dbapi.cpp(618): Got secret.
adius/ace_radius/ace_radius_database.cpp(1179): Put to cache IP 144.130.4.5
adius/ace_radius/ace_radius_database.cpp(704): Request ID of received packet 139
adius/ace_radius/ace_radius_database.cpp(709): Invalid packet with 139 will be responded
adius/ace_radius/ace_radius_response.cpp(63): Top of response loop.
adius/ace_radius/ace_radius_response.cpp(151): Formatting response to packet ID 139
adius/ace_radius/ace_radius_response.cpp(293): Length of profile 0
adius/ace_radius/ace_radius_response.cpp(71): Response size is 37.
adius/ace_radius/ace_radius_response.cpp(92): Sent 37 bytes

 


Note the 2 highlighted entries that indicate the problem.

Cause: The sending device is configured to send a CHAP password; this is incompatible with RSA SecurID.
Resolution

The device should be reconfigured so the password is sent as a PAP password instead of CHAP. If this is done, the equivalent authentication request viewed in the debug window should look like the following:

adius/ace_radius/ace_radius_receive.cpp(174): Received auth packet
adius/ace_radius/ace_radius_database.cpp(416): Attribute 1 Length 36
adius/ace_radius/ace_radius_database.cpp(416): Attribute 2 Length 18
adius/ace_radius/ace_radius_database.cpp(416): Attribute 6 Length 6
adius/ace_radius/ace_radius_database.cpp(416): Attribute 7 Length 6
adius/ace_radius/ace_radius_database.cpp(416): Attribute 61 Length 6
adius/ace_radius/ace_radius_database.cpp(416): Attribute 4 Length 6
adius/ace_radius/ace_radius_database.cpp(416): Attribute 44 Length 17
adius/ace_radius/ace_radius_database.cpp(1131): Looking in cache.
adius/ace_radius/ace_radius_database.cpp(1136): Found data in cache.
adius/ace_radius/ace_radius_database.cpp(704): Request ID of received packet 140
adius/ace_radius/ace_radius_auth.cpp(567): Request is OK
 

Note the 2 highlighted entries showing a valid PAP authentication sent in the RADIUS request.

 


For details about enabling RADIUS debug, see the solution regarding How to enable RADIUS debugging on Legacy SecurID Server: 6.0 and prior versions.

 

NOTE: This is just one example of a RADIUS authentication request; the specific attributes sent by different devices may differ. The only mandatory attributes in the initial authentication request are Attribute 1 (User-Name) and Attribute 2 (User-Password), for example:

adius/ace_radius/ace_radius_receive.cpp(174): Received auth packet
adius/ace_radius/ace_radius_database.cpp(416): Attribute 1 Length 36
adius/ace_radius/ace_radius_database.cpp(416): Attribute 2 Length 18
adius/ace_radius/ace_radius_database.cpp(1131): Looking in cache.
adius/ace_radius/ace_radius_database.cpp(1136): Found data in cache.
adius/ace_radius/ace_radius_database.cpp(704): Request ID of received packet 141
adius/ace_radius/ace_radius_auth.cpp(567): Request is OK
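
To run the same check over a saved RADIUS debug capture, the following added example (not RSA's code) groups debug lines per request and reports whether each request carried Attribute 2 (User-Password, PAP) or Attribute 3 (CHAP-Password, as numbered in RFC 2865). The function name scan and the sample lines, abridged from the excerpts in this article, are assumptions of the example.

```python
import re

# RADIUS attribute types per RFC 2865: 2 = User-Password (PAP), 3 = CHAP-Password.
USER_PASSWORD, CHAP_PASSWORD = 2, 3
ATTR = re.compile(r"Attribute (\d+) Length \d+")
REQ_ID = re.compile(r"Request ID of received packet (\d+)")
NAS = re.compile(r"Search by address \(([\d.]+)\)")

def scan(lines):
    """Group debug lines by request; return one summary dict per request."""
    requests, cur = [], None
    for line in lines:
        if "Received auth packet" in line:
            cur = {"attrs": [], "id": None, "nas": None, "rejected": False}
            requests.append(cur)
        elif cur is None:
            continue  # noise before the first request
        elif m := ATTR.search(line):
            cur["attrs"].append(int(m.group(1)))
        elif m := REQ_ID.search(line):
            cur["id"] = int(m.group(1))
        elif m := NAS.search(line):
            cur["nas"] = m.group(1)  # only logged when the client is not cached
        elif "No user or password in the packet" in line:
            cur["rejected"] = True
    for r in requests:
        r["method"] = ("PAP" if USER_PASSWORD in r["attrs"]
                       else "CHAP" if CHAP_PASSWORD in r["attrs"] else "NONE")
    return requests

# Constructed sample: lines abridged from the two debug excerpts in this article.
SAMPLE = """\
ace_radius_receive.cpp(174): Received auth packet
ace_radius_database.cpp(416): Attribute 1 Length 36
ace_radius_database.cpp(416): Attribute 3 Length 19
ace_radius_database.cpp(573): No user or password in the packet
ace_radius_dbapi.cpp(513): Search by address (144.130.4.5)
ace_radius_database.cpp(704): Request ID of received packet 139
ace_radius_receive.cpp(174): Received auth packet
ace_radius_database.cpp(416): Attribute 1 Length 36
ace_radius_database.cpp(416): Attribute 2 Length 18
ace_radius_database.cpp(704): Request ID of received packet 140
""".splitlines()

if __name__ == "__main__":
    for r in scan(SAMPLE):
        print(r["id"], r["nas"], r["method"], "REJECTED" if r["rejected"] else "ok")
```

A request reported as CHAP and rejected points at a device that still needs to be switched to PAP.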

Legacy Article ID: a27594
