000035203 - Request contained EAP identity response in RSA Authentication Manager 8.x RADIUS log data

Document created by RSA Customer Support Employee on Jul 28, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035203
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
IssueAn administrator has configured a Cisco Wireless LAN Controller to send RADIUS authentication to a Microsoft Network Policy Server which forwards the RADIUS request to RSA RADIUS.
The  opt/rsa/am/radius.log file named in the format of yyyymmdd.log (for example, 20170529.log and called the RADIUS date.log file) reports the following messages for a failed authentication going through the Cisco Wireless LAN Controller:
05/29/2017 15:16:01 Request contained EAP Identity Response, but Identity did not match User-Name 
05/29/2017 15:16:01 Request has invalid syntax (e.g. invalid, missing or duplicate attributes), Rejecting
05/29/2017 15:16:01 Sent reject response

CauseEnabling and reviewing RSA RADIUS debug data revealed the User-Name in the authentication does not match the user ID in the Authentication Manager database.
ResolutionWhen performing an authentication the end user must ensure they are using the correct user ID as defined in the Authentication Manager database.