Article Number
000035203
Applies To
RSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Issue
An administrator has configured a Cisco Wireless LAN Controller to send RADIUS authentication to a Microsoft Network Policy Server which forwards the RADIUS request to RSA RADIUS.
The opt/rsa/am/radius.log file named in the format of yyyymmdd.log (for example, 20170529.log and called the RADIUS date.log file) reports the following messages for a failed authentication going through the Cisco Wireless LAN Controller:
05/29/2017 15:16:01 Request contained EAP Identity Response, but Identity did not match User-Name
05/29/2017 15:16:01 Request has invalid syntax (e.g. invalid, missing or duplicate attributes), Rejecting
05/29/2017 15:16:01 Sent reject response
Cause
Enabling and reviewing RSA RADIUS debug data revealed the User-Name in the authentication does not match the user ID in the Authentication Manager database.
Resolution
When performing an authentication the end user must ensure they are using the correct user ID as defined in the Authentication Manager database.