We are using Authentication Manager 18.104.22.168.0. Does this use RADIUS version 1.0 or 2.0? Also, does it use MSCHAPv2 or PAP for its protocol?
To get the RADIUS version look at the RADIUS date.log. Today's log will be named 20190903.log. At the top will be the version information. For Authentication Manager 8.2, for instance, the version information would be:
rsaadmin@am82p:/opt/rsa/am/radius> cat 20190903.log09/03/2019 11:35:17 Version: v6.23.2
As for your CHAP question: CHAP uses a three-way handshake. This is done upon initial link establishment, and MAY be repeated anytime after the link has been established. After the Link Establishment phase is complete, the authenticator sends a challenge message to the peer. The peer responds with a value calculated using a one-way hash function. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection SHOULD be terminated. This handshake is essentially closed off from outside protocols such as our RADIUS server trying to feed the New Pin Mode or Next PRN Mode strings.
CHAP is not a supported protocol with the RSA RADIUS Implementation. It is possible for a vendor to encode their CHAP implementation to permit our prompt strings but this is not an RSA issue.
PAP provides an open exchange of prompts between the server and client that permit New Pin Mode and Next PRN mode to work. PAP is supported by RSA RADIUS implementation. We work with PAP, EAP, PEAP, EAP-POTP, EAP-TTLS.
Retrieving data ...