Unable to authenticate to RADIUS server from SonicWALL RADIUS client in RSA Authentication Manager 8.x
Originally Published: 2017-09-11
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 or later
Issue
- Users are unable to authenticate through SonicWALL Global VPN to SonicWALL firewall (NSA 3600).
- RADIUS authentication tests from the the firewall say "Authentication failed to RADIUS server."
- In the RSA Authentication Manager authentication activity log, the message is "Authentication method failed, passcode format error."
- It is confirmed that the shared secrets are the same on the SonicWALL and the Authentication Manager RADIUS client entry.
Cause
CHAP authentication requests are not supported with Authentication Manager. Sending a CHAP RADIUS authentication request will cause an RSA RADIUS authentication failure, as shown below:
09/11/2017 22:53:36 Authenticating user <username> with authentication method SecurID
09/11/2017 22:53:36 Beginning instance of SecurID authentication
09/11/2017 22:53:36 Credentials are neither PAP nor EAP 4
09/11/2017 22:53:36 Terminated instance of SecurID authentication
09/11/2017 22:53:36 Unable to find user <username> with matching password
Resolution
- Check the options in SonicWALL management console.
- In Users > Settings under User Authentication Settings, click the Configure RADIUS button.
- Scroll down to the bottom and make sure a checkbox for Force PAP to MSCAHPv2 is unchecked.
- In VPN > Settings, click the Configure icon for the WAN GroupVPN, and select the Advanced Tab.
- Make sure a checkbox for Use RADIUS in MSCHAP or MSCHAPv2 mode for XAUTH is unchecked.
Notes
For more information please review article 000044158-Enable RADIUS debug/verbose logs with all versions of RSA Authentication Manager 8.x
