Radius Authentication error - Transaction ID length is more than OTT length, this is not expected
search cancel

Radius Authentication error - Transaction ID length is more than OTT length, this is not expected

book

Article ID: 259346

calendar_today

Updated On:

Products

CA Strong Authentication CA Advanced Authentication CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

RADIUS authentication is unpredictable. It used to work for quite a few tests and then stopped working on one AA server then later on the second. RADIUS service is running, but it doesn’t authenticate anymore. It doesn’t count this event as Failed Login in the Credentials.

 02/02/23 20:43:54.769 INFO  RADIUS       00034104 SVRMASTR - Connection: [SERVER_CB_ACCEPT] ip [x.x.x.x] port [1812] wf-protocol [RADIUS] fd [13] stream [0x7f25c00008c0], fd-transport [0x2109100]

02/02/23 20:43:54.771 INFO  RADIUS       00034476 00050504 - Txn-Begin : TxnID=50504 | ClientTxnID=[] | Protocol=6 (RADIUS) | ReqSize=56 | TST=2023-02-03 01:43:54:0 (DB)

02/02/23 20:43:54.772 INFO  RADIUS       00034476 00050504 - RADIUS Protocol[requestIP=x.x.x.x]. RadiusClientAuthType : 0 (OTT).

02/02/23 20:43:54.772 WARN  RADIUS       00034476 00050504 - Transaction ID length is more than ott length, this is not expected

02/02/23 20:43:54.772 WARN  RADIUS       00034476 00050504 - Given OTT format is invalid, this is not expected

02/02/23 20:43:54.772 INFO  RADIUS       00034476 00050504 - OTT FAILED. Reason : INVALID CREDENTIAL!

02/02/23 20:43:54.772 INFO  RADIUS       00034476 00050504 - RADIUS Protocol[requestIP=x.x.x.x]: Authentication Failed [1000].

02/02/23 20:43:54.779 INFO  RADIUS       00034476 00050504 - Txn-End : TxnID=50504 | ClientTxnID=[] | Processor=10 (AUTH_EX) | Operation=1001 (AUTHEX_VERIFY_TOKEN) | Response=5707 (CREDENTIAL_INVALID) | Reason=0 (UNDEFINED) | RespSize=20 | Time=26 | DBT=23 | NQ=2 | ExtEvents={ NONE } | AddInfo=[NONE] | LTB=01126 | LNL=0007/0007 | LML=138

02/02/23 20:43:54.779 INFO  RADIUS       00034476 00050504 - Txn-Begin : TxnID= | ClientTxnID=[<NA>] | Protocol=6 (RADIUS) | ReqSize=0 | TST=1971-01-01 00:00:00:0 ()

02/02/23 20:43:54.780 INFO  RADIUS       00034476 00050504 - Empty response payload is detected. Attempting to generate appropriate response.

02/02/23 20:43:54.780 INFO  RADIUS       00034476 00000000 - The request could not be processed by the protocol!.

02/02/23 20:43:54.780 INFO  RADIUS       00034476 00000000 - Response is empty. Connection would be dropped

02/02/23 20:43:54.780 INFO  RADIUS       00034476 00000000 - Protocol module could not process the input. Connection will be closed

Environment

Release : 9.1.x

CA Strong Authentication

Resolution

This error is observed when there is a mismatch in the Radius configuration e.g. if you configured the INBAND_PASSWORD but using the Radius Authentication, please see screen shot below -

Attachments

Powered by Wolken Software