A client of ours is getting the above error msg when some of their folks try to access the PAM UI either on the Client or Browser. Other users and admins can log in no problem.
They use 2 factor, AD and Radius.
Has anyone seen this?
Please share with us the PAM version you are running.
Related known issue addressed with v2.7:
Redundant RADIUS servers would sometimes fail for CHAP authentication when used with One Time Passwords (OTP), causing login failures.
Workaround: Configure the RADIUS server responsible for OTP as the last server in the list of configured RADIUS servers in CA Privileged Access Manager.
Yes, they are running 2.7.0
I get this error when there is no connectivity from client PC to the PAM server. Just double check if they are able to ping PAM IP or hostname/dnsname.
I had a chance to logon and check; there is only one RADIUS server defined.
From the same PAM client that throws the error, are you able to log in with the AD user (without Radius)?
I would also say, can you get the logs.log from the client, if you are using the PAM client? That may give us some ideas.
Have you been able to check at the AD what happens when the client tries to access the PAM server? Does it really get authenticated and is it the Radius that is throwing it back?
The other thing you may want to do is to enable trace at the Java console and gather the logs. That will tell us why Java seems not able to connect.
As a last resort: get Wireshark and repeat the process, then capture the packets. That may give a clue.