Support Center > Search Results > SecureKnowledge Details
RADIUS authentication fails when using passwords longer than 16 characters Technical Level
Symptoms
  • RADIUS authentication fails when using passwords longer than 16 characters
  • FWM debug shows:
    Administrator USER_NAME was not found in fwm database
    au_realm_set_unique_user_id: Key: CN=USER_NAME,OU=NAME,OU=users,O=NAME
    is_in_remote_auth_group: empty remote_auth_group
    
                    
            
Cause

A limitation of RADIUS version 1.0 (RFC 2138) limits authentication to 16 characters. In FW-1 the only difference between the two versions is the ability to pack long passwords inside the transmitted packets.


Solution

Use a RADIUS version 2.0 (RFC 2865) compatible RADIUS Server. Contact your RADIUS Software vendor to ensure version 2.0 compatibility. Configure the RADIUS server object in SmartDashboard to reflect the use of a RADIUS ver 2.0 compatible platform:

  1. Open SmartDashboard.
  2. Select 'Manage' > 'Servers'.
  3. Open the RADIUS server object properties.
  4. Select 'Radius ver. 2.0 compatible', under 'Version'.
  5. Click 'OK'.
  6. Install the Security Policy to all affected authentication gateways.

Embedded GAIA devices does not support RADIUS version 2.0 for Remote Access VPN authentication.

RFE will be required.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment