Hi everybody,I find a problem, when I send a radius authentication request packet to CLEARPASS,it rejects the authentication. The log is as follows. And I do the authentication again, it accepts. But I'm sure I use the same username and password. It only rejects the authentication about 1 or 2 percent. I didn't change our device's configuration. I do not know why. Is it the CLEARPASS's issue? or actual the user‘s password is wrong, or the shared secret between the device and CLEARPASS somtimes is wrong?
2017-03-05 17:13:15,344 [Th 2953 Req 4154822 SessId R0008192e-01-58bc1cfb] ERROR RadiusServer.Radius - rlm_pap: User xxxx authentication failed
2017-03-05 17:13:15,344 [Th 2953 Req 4154822 SessId R0008192e-01-58bc1cfb] ERROR RadiusServer.Radius - Unprintable characters in the password. Check the shared secret on the server and the NAS.
...
2017-03-05 17:13:15,349 [AuthReqThreadPool-22-0x7fd5a5bed700 r=R0008192e-01-58bc1cfb h=74] ERROR ExtDB.DBQuery - ResultSet is empty
2017-03-05 17:13:15,349 [AuthReqThreadPool-22-0x7fd5a5bed700 r=R0008192e-01-58bc1cfb h=74] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =SELECT FLOOR(EXTRACT(EPOCH FROM (NOW() - timestamp)))::integer AS seconds_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/60)::integer AS minutes_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/3600)::integer AS hours_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/86400)::integer AS days_since_auth FROM auth WHERE auth.timestamp < NOW() AND auth.error_code = 0 AND auth.username = '%{Endpoint:Username}' AND auth.mac = '%{Connection:Client-Mac-Address-NoDelim}' AND auth.auth_status != 'MAB' ORDER BY timestamp DESC LIMIT 1, error=No values for param=Endpoint:Username
2017-03-05 17:13:15,349 [AuthReqThreadPool-22-0x7fd5a5bed700 r=R0008192e-01-58bc1cfb h=74] ERROR ExtDB.DBQuery - execute: Failed to construct filter=SELECT FLOOR(EXTRACT(EPOCH FROM (NOW() - timestamp)))::integer AS seconds_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/60)::integer AS minutes_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/3600)::integer AS hours_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/86400)::integer AS days_since_auth FROM auth WHERE auth.timestamp < NOW() AND auth.error_code = 0 AND auth.username = '%{Endpoint:Username}' AND auth.mac = '%{Connection:Client-Mac-Address-NoDelim}' AND auth.auth_status != 'MAB' ORDER BY timestamp DESC LIMIT 1
2017-03-05 17:13:15,350 [AuthReqThreadPool-22-0x7fd5a5bed700 r=R0008192e-01-58bc1cfb h=74] ERROR ExtDB.DBQuery - ResultSet is empty
2017-03-05 17:13:15,351 [AuthReqThreadPool-22-0x7fd5a5bed700 r=R0008192e-01-58bc1cfb h=74] ERROR ExtDB.DBQuery - Failed to get value for attributes=RemainingTime, Seconds-Since-Auth, case]
Error Code: 9001
Error Category: RADIUS protocol
Error Message: Wrong shared secret
Alerts for this Request -
Policy server: Failed to construct filter=SELECT FLOOR(EXTRACT(EPOCH FROM (NOW() - timestamp)))::integer AS seconds_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/60)::integer AS minutes_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/3600)::integer AS hours_since_auth, FLOOR((EXTRACT(EPOCH FROM (NOW() - timestamp)))/86400)::integer AS days_since_auth FROM auth WHERE auth.timestamp < NOW() AND auth.error_code = 0 AND auth.username = '%{Endpoint:Username}' AND auth.mac = '%{Connection:Client-Mac-Address-NoDelim}' AND auth.auth_status != 'MAB' ORDER BY timestamp DESC LIMIT 1.
Failed to get value for attributes=[RemainingTime, Seconds-Since-Auth, case]
RADIUS: PAP: CLEAR TEXT password check failed
Unprintable characters in the password. Check the shared secret on the server and the NAS.