Duplicate authorization request for RADIUS on Authentication manager 8.x
Article Number
Applies To
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.x
RADIUS Client: Cisco ASA
Issue
The Packet capture of this behavior shows that the requests are sent at the same time stamp as shown below
Cause
In order to troubleshoot this further and verify that it is indeed a duplicate authorization request:
- Open the Operations Console of the Primary instance
- Go to Deployment Configuration > RADIUS Servers
- Under the Server that receives the requests, click on Manage Server Files
- Click edit on the radius.ini file
- Change the value of debug and trace value to 2 (For more info, refer to the following article https://community.rsa.com/t5/securid-knowledge-base/enable-radius-debug-verbose-logs-with-all-versions-of-rsa/ta-p/3816)
- Now that the debug trace is enabled, try to authenticate one more time, then return the radius log values back to 0
- Open a winSCP session on the instance in question
- Login to the instance facing the issue as rsaadmin and enter the operating system password.
- Navigate to the following directory: /opt/rsa/am/radius
- Open the date.log file corresponding to the day the packet was captured (For example: if today is 28th of November 2022 then the name of the file should be 20221128.log)
- Navigate through the file to the timestamp corresponding to when the packet was sent in debug mode
- You should be able to identify both requests as the given error below
Resolution
- If this is the case, then the customer should be able to disable their authorization duplicate request by going to the Cisco ASA management console > Open the AAA server group > edit IPsec Remote Access Connection profile > set the profile for the server group to none to disable authorization as shown in the below screenshot
