Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
220
Views
0
Helpful
8
Replies

ISE - 5400 Authentication failed - Username:USERNAME

Go to solution
Mcolak001
Level 1
Level 1

‎06-27-2024 01:00 AM


Since the username in the Authentication Details is "USERNAME", I get a "Invalid username or password specified" warning and I can't log in with my existing local accounts.

Why does the username come up like this?

username:USERNAME

Labels:
Preview file
251 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to Mcolak001

‎06-27-2024 01:46 AM - edited ‎06-27-2024 01:47 AM

@Mcolak001 sorry it's under Administration > Settings > Security Settings > Disclose invalid usernames. 

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Rob Ingram
VIP
VIP

‎06-27-2024 01:24 AM - edited ‎06-27-2024 01:47 AM

@Mcolak001 the username is invalid and not in the identity store, so ISE does not reveal the usernames.

EDIT: You can disable this if you navigate to Administration > Settings > Security Settings > Disclose invalid usernames and select the checkbox.

 

0 Helpful

Go to solution
Mcolak001
Level 1
Level 1
In response to Rob Ingram

‎06-27-2024 01:43 AM

Hi Rob,I guess it is not valid in my version.

3.1.0.518

 

radius-screen.jpg

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Mcolak001

‎06-27-2024 01:46 AM - edited ‎06-27-2024 01:47 AM

@Mcolak001 sorry it's under Administration > Settings > Security Settings > Disclose invalid usernames. 

0 Helpful

Go to solution
Mcolak001
Level 1
Level 1
In response to Rob Ingram

‎06-27-2024 03:24 AM

Very good suggestion. Now I can see the usernames. Thank you.

Now I can analyze the problem better.

Do you have any comments about this problem?

 

log-detail.jpg

log-screen.jpg

  

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Mcolak001

‎06-27-2024 03:53 AM

@Mcolak001 is this "test-user" account a local account on the PC itself? ISE won't be able to authenticate that user, as it won't be able to perform a lookup.

I've never tried it but perhaps you create a "test-user" account in the ISE local userstore and lookup user requests to that. Although that is not a practical solution.

0 Helpful

Go to solution
Mcolak001
Level 1
Level 1
In response to Rob Ingram

‎06-27-2024 04:30 AM

yes, local user.

Is it normal for the authentication policy to be default when it is via a third party device (non cisco)?

default-policy.jpg

 

test-user.jpg

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Mcolak001

‎06-27-2024 04:41 AM

@Mcolak001 do you have other Policy Sets (other than the default)? If yes, the connection request is not matching your other Policy Set and hitting the Default Policy Set. Check your conditions on the other policy set, amend accordingly.

0 Helpful

Go to solution
Mcolak001
Level 1
Level 1
In response to Rob Ingram

‎06-28-2024 04:39 AM

Hi Rob,

I saw where it got stuck in the logs.

I had to make these changes to the authentication policy. and it works now.

thank you.

Mcolak001_0-1719574592865.png

 

0 Helpful
Customers Also Viewed These Support Documents