
What is the meaning of Radius log rejected identity USERNAME during dot1x authentication?

getaway51
Level 2

Hi,

Does this mean the laptop didn't log in to AD OR logged out from his laptop? Thus failing dot1x authentication?

Thanks!

3 Replies

balaji.bandi
Hall of Fame

It depends where you are seeing the message.

Look at the troubleshooting guide of ISE:

 

https://community.cisco.com/t5/security-documents/how-to-troubleshoot-ise-failed-authentications-amp/ta-p/3630960

BB


Damien Miller
VIP Alumni

Most of the time, if you see "username" in the RADIUS live logs as the identity, then it's also accompanied by the red indicator of a failed authentication. By default, the 2.4+ versions of ISE mask the RADIUS username for failures with "username" to prevent the possibility of disclosing a user's password that may have accidentally been typed into the username input.

You can disable the username masking by navigating to the following menu and selecting the checkbox "Disclose invalid usernames".
[Screenshot: username.png]


Hi,

Many thanks for your precious advice!

I am fine to see the red color USERNAME in the radius log of failed dot1x auth. I am just wondering if the failed auth is due to logout from AD, expired certificate or not yet logged in to AD.

Could the possibility be ALL OF THE ABOVE?