000035540 - Unable to authenticate to RADIUS server from SonicWALL RADIUS client in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Oct 24, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035540
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 or later
  • Users are unable to authenticate through SonicWALL Global VPN to SonicWALL firewall (NSA 3600).
  • RADIUS authentication tests from the the firewall say "Authentication failed to RADIUS server."
  • In the RSA Authentication Manager authentication activity log, the message is "Authentication method failed, passcode format error."
  • It is confirmed that the shared secrets are the same on the SonicWALL and the Authentication Manager RADIUS client entry.
CHAP authentication requests are not supported with Authentication Manager.  Sending a CHAP RADIUS authentication request will cause an RSA RADIUS authentication failure, as shown below:

09/11/2017 22:53:36 Authenticating user <username> with authentication method SecurID
09/11/2017 22:53:36 Beginning instance of SecurID authentication
09/11/2017 22:53:36 Credentials are neither PAP nor EAP 4
09/11/2017 22:53:36 Terminated instance of SecurID authentication
09/11/2017 22:53:36 Unable to find user <username> with matching password

User-added image

  1. Check the options in SonicWALL management console.
  2. In Users > Settings under User Authentication Settings, click the Configure RADIUS button. 
  3. Scroll down to the bottom and make sure a checkbox for Force PAP to MSCAHPv2 is unchecked.
User-added image

  1. In VPN > Settings, click the Configure icon for the WAN GroupVPN, and select the Advanced Tab.
  2. Make sure a checkbox for Use RADIUS in MSCHAP or MSCHAPv2 mode for XAUTH is unchecked.
User-added image
NotesFor more information please review article 000012942 How to enable RADIUS Debugging/Verbose in Authentication Manager