search cancel

Radius log file shows 'invalid LDAP password' and 'Reject user' however user is authenticating successfully and it should show as 'access granted'

book

Article ID: 255355

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Radius log file shows 'invalid LDAP password'  and 'Reject user' however user is authenticating successfully and it should show as 'access granted'. Log file snippet pasted below-

================================================================

DEBUG "2022-11-30 22:47:27.464 GMT+0000" 0.0.0.0 Cisco:1812 0 0 "text=VSAuthOTPFirstFactorLDAPImpl.authenticateExt() -- Returning opResult [code:3 message:reason=3; Incorrect LDAP Password.]" Thread-1249855232 VSAuthOTPFirstFactorImpl.c
ERROR "2022-11-30 22:47:27.464 GMT+0000" 0.0.0.0 Cisco:1812 0 0 "text=Residual Password failed for user [testuser1]." Thread-1249855232 VSAuthOTPStandardControllerImpl.cpp
INFO "2022-11-30 22:47:27.464 GMT+0000" 0.0.0.0 Cisco:1812 0 0 "text=Sending Access-Reject for user [testuser1] , reason=3; Incorrect LDAP Password." Thread-1249855232 VSAuthOTPStandardControllerImpl.cpp
DEBUG "2022-11-30 22:47:27.464 GMT+0000" 10.253.36.103 Cisco:1812 0 18870 "text=VSValidationEngineProcessRequest() -- Error: Incorrect LDAP Password." Thread-1249855232 VSValidationEngine.c
ERROR "2022-11-30 22:47:27.464 GMT+0000" 10.253.36.103 Cisco:1812 0 0 "text=VSValidationEngineProcessRequest() -- Authentication Failed for user [testuser1]. 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+
!!WARNING!! Detected a possible Shared-secret mismatch. 
Ensure that both the RADIUS server and the RADIUS client share the same Shared-secret.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+" Thread-1249855232 VSValidationEngine.c
DEBUG "2022-11-30 22:47:27.464 GMT+0000" 10.253.36.103 Cisco:1812 0 0 "text=VSValidationEngineProcessRequest() -- 'authenticate' opResult for user [testuser1] with request Id [1_10.253.36.103_17127]: 3" Thread-1249855232 VSValidationEngine.c
DEBUG "2022-11-30 22:47:27.464 GMT+0000" 10.253.36.103 Cisco:1812 0 0 "text=VSValidationEngineProcessRequest() -- Writing reply attributes" Thread-1249855232 VSValidationEngine.c
AUDIT "2022-11-30 22:47:27.464 GMT+0000" 10.253.36.103 Cisco:1812 0 18870 "text=Access DENIED Incorrect LDAP Password. ,reason=3; Incorrect LDAP Password." Thread-1249855232 VSValidationEngine.c

===============================================================

Environment

Release : Enterprise Gateway - 9.10

OS: Linux

Cause

This has been identified as a Bug in 9.10 release.

Resolution

VIP Engineering team has released VIP enterprise Gateway 9.10.1 which addresses the issue. This patch can only be applied on top of 9.10 version. Here is the release notes for the 9.10.1 version and this is fixed as part of the BRCMVIP-3235.

What's new in VIP Enterprise Gateway 9.10.1