RADIUS shared secret limitations of RADIUS clients configured with RSA Authentication Manager
Originally Published: 2014-10-21
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
- Users failed to authenticate with an error in authentication activity report, either from an historical report authentication activity report in the Security Console (Reporting > Reports) or from the real time authentication activity repoirt (Reporting > Real Time Activity Monitor > Authentication Activity Monitor)
Authentication method failed, passcode format error
- The RADIUS log (available from the Operations Console under Administration > Download Troubleshooting Files) shows:
Unable to find user <user name> with matching password
- Name resolution is confirmed for both forward and reverse lookup.
Cause
Resolution
RSA Authentication Manager supports shared secrets of up to 127 alphanumeric characters, including spaces and the following special characters:
~ ! @ # $ % ^ & *( ) _ + | \ = - ' { } [ ] : " ' ; < > ? / . ,
However, not all network access devices support shared secrets of up to 127 alphanumeric characters or the above special characters.
Implement shared secrets that are fully supported by RADIUS devices in your network.
Note that some special characters that are within a secret act as Linux escape characters. For example, an exclamation point can be the first or last character in a secret, but never embedded in it.
Notes
The version of RADIUS used by Authentication Manager was changed from SBR to FreeRADIUS in Authentication Manager 8.6.
Related Articles
RADIUS Clients Number of Views Troubleshooting RSA Authentication Manager 8.1 native SecurID and RADIUS authentication issues Number of Views Performing RADIUS authentication tests with NTRadPing to RSA Authentication Manager Number of Views "Invalid authentication handle" reported by the Cisco AnyConnect client when using RSA SecurID Access Cloud Authentication… Number of Views Radius Client Authentication failed For PIN+Token profile (New PIN Mode) with Cisco Anyconnect VPN Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
