EditDiscussionPage history

Authentication Processing Messages

Revision as of 18:24, 9 August 2023 by Shin (talk | contribs) (Created page with "Authentication success (Access-Accept) generates a message as "Access-Accept", while authentication failure (Access-Reject) displays messages as follows: * Anonymous ID with...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Authentication success (Access-Accept) generates a message as "Access-Accept", while authentication failure (Access-Reject) displays messages as follows:

  • Anonymous ID with realm is invalid (User-Name is not anonymized):

You entered an anonymous ID with a realm and the two IDs are different. For example: ID:hong, Anonymous ID:hong@test.com. In Android environments, avoid using an anonymous ID.

  • Anonymous ID is invalid (User-Name is not anonymized):

You input a user-name in the anonymous ID. The two IDs are different. For example: ID:kim, Anonymous ID:hong. In Android environments, avoid using an anonymous ID.

  • mschap: FAILED: No NT-Password. Cannot perform authentication:

This error occurs when attempting 2-factor authentication using MSCHAPV2 in the Android environment with external database authentication. Therefore, choose GTC for 2-factor authentication.

  • eap: User not found or User-password incorrect (Failed continuing EAP GTC (6) session. EAP sub-module failed):

This error indicates incorrect ID or password.

  • pap: "known-good" SSHA2-256-Password has incorrect length, got 0 bytes, need at least 33 bytes:

This error indicates incorrect ID or password.

  • chap: control:Cleartext-Password is required for authentication:

This error indicates incorrect ID or password. Especially, this can occur in MAC address-based authentication. Check if the MAC address registered in RADIUS > Users is correct.

  • Failed to authenticate the user. No Auth-Type found:

rejecting the user via Post-Auth-Type = Reject: This error indicates incorrect ID or password.

  • eap: rlm_eap (EAP): No EAP session matching state 0xb312e528b26cfc50:

This error indicates incorrect ID or password.

  • eap_peap: TLS Alert read:fatal:unknown CA:

This error occurs when choosing an invalid CA certificate in TTLS or PEAP. In the Android environment, choose "Do Not Authenticate" for the CA certificate.

  • Rejected: User-Name contains whitespace:

This occurs when there's a whitespace in the ID.

  • Rejected: Realm does not have at least one dot separator:

This occurs when the realm does not contain a dot separator, which will prevent proper proxying.

  • Authentication is rejected from the proxy whose realm is <Default>.:

This occurs when authentication is rejected from the proxy server. It indicates incorrect ID or password.


The ID can be referred to as either "User Name" or "Account Name" depending on the operating system.