Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000035239 - LDAP password authentication failed - Logon failure: unknown username or invalid password when attempting RADIUS authentication with RSA SecurID Access

Document created by RSA Customer Support

on Jun 9, 2017•Last modified by RSA Customer Support on Apr 24, 2019

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000035239
Applies To	RSA Product Set: SecurID Access
Issue	When attempting to initiate RADIUS authentication, the Administration Console's User Event Monitor displays error: LDAP password authentication failed - Logon failure: unknown username or invalid password The identity router's (IDR) /var/log/radiusj/radius-audit.log also indicates an error similar to: 2017-06-08/20:25:08.404/UTC [RadiusAuditEntryProcessor] INFO RADIUSAUDIT[31] - ----------START_RADIUS_USER_LDAP_AUTHENTICATION---------- EVENTID=RADIUS_USER_LDAP_AUTHENTICATION DATETIME=Thu Jun 08 20:25:08 UTC 2017 IN_RESPONSE_TO=3482eedb-936a-427b-a56a-48e9ac09d4dc DESCRIPTION=RADIUS – Unsuccessful LDAP authentication- Please Check User Event monitor for details. NAS-IP-ADDRESS=192.168.20.100 USER_NAME=jsmith CLIENT_ID=RADIUS: Cisco ASA RADIUS_RESPONSE_TYPE=Access-Reject STATUS=FAIL REQUEST_ID=3482eedb-936a-427b-a56a-48e9ac09d4dc POLICY_ID=LowLevel_AllUsers TENANT_ID=mycompany ----------END_RADIUS_USER_LDAP_AUTHENTICATION---------- The username/password are known to be correct and the identity source has been tested successfully.
Cause	The RADIUS shared secret configured in the RADIUS client and in the Administration Console are not the same value.
Resolution	Re-enter the RADIUS secret at the RADIUS client and/or in the SecurID Access Administration Console as described in Add a RADIUS Client for the Cloud Authentication Service.
Notes	This scenario could also occur due to using a long shared secret or one with special characters. While the IDR-based SecurID Access RADIUS server supports a shared secret length of up to 512 characters and most special characters, RADIUS client devices may have different limitations. Select shared secrets that are fully supported by the RADIUS devices in your network. See the Administration Console's on-screen help for the IDR RADIUS Server shared secret requirements.

Attachments

Outcomes

0 Comments

Recommended Content