This article displays the logs and issues seen when we try connection Junos with the username containing the letter “P’.
The Dynamic VPN connection using the Junos Pulse client fails when the username contain the letter ‘P’. Using the username “CA” or any other username the Dynamic VPN connection is correctly established.
Note: There is no issue in downloading the Junos Pulse client from the device, i.e the HTTPS connection is working.
To see the problem, the general process authentication logs are configured:
edit system processes general-authentication-service traceoptions
set file xauthtrace
set flag all
commit
When the Dynamic VPN Pulse client attempts to connect with the usename “CAP”:
- The first authentication is done as expected.
- The second authentication gives password mismatch, though the correct username and password are used.
- The Dynamic VPN Pulse client staus in the connecting state.
The following is reported in the log file:
#run show log xauthtrace 1ST AUTHENTICATION PROMPT SEEMS TO BE AS EXPECTED Dec 7 22:43:17 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:358failed to get SDB snapshot Dec 7 22:43:17 Username:CAP, Session-Id:9258837901100535180 Access-profile:user-auth-profile Multi-Acct-Session-Id:0 Dec 7 22:43:17 authd_auth_modules_pre_feed_sanity: message passed sanity test profile=(user-auth-profile), username=(CAP Dec 7 22:43:17 AuthFsm::current state=AuthInit(0) event=1 astEntry=0xdab06c Dec 7 22:43:17 ################################################################### Dec 7 22:43:17 ########################### AUTH REQ RCVD ######################### Dec 7 22:43:17 ################################################################### Dec 7 22:43:17 Auth-FSM: Process Auth-Request for session-id:9258837901100535180 Dec 7 22:43:17 Framework: Starting authentication Dec 7 22:43:17 authd_advance_module_for_aaa_request_msg: result:0 Dec 7 22:43:17 Authd module start Dec 7 22:43:17 Local : authd_local_start_auth: got params profile=user-auth-profile, username=CAP Dec 7 22:43:17 Local : start authd_local_lookup Dec 7 22:43:17 Local : profile user-auth-profile found Dec 7 22:43:17 Local : client CAP found Dec 7 22:43:17 Local : passwords matched Dec 7 22:43:17 authd_auth_module_start: result = 2 start_auth; state = 0 Dec 7 22:43:17 REQUEST: AUTHEN - module_index 0 module(password) return: SUCCESS 2ND PROMPT, PASSWORD MISMATCH IS REPORTED FOR THE SAME PASSWORD TYPED Dec 7 22:43:53 ################################################################### Dec 7 22:43:53 ########################### AUTH REQ RCVD ######################### Dec 7 22:43:53 ################################################################### Dec 7 22:43:53 Auth-FSM: Process Auth-Request for session-id:9258837905395593135 Dec 7 22:43:53 Framework: Starting authentication Dec 7 22:43:53 authd_advance_module_for_aaa_request_msg: result:0 Dec 7 22:43:53 Authd module start Dec 7 22:43:53 Local : authd_local_start_auth: got params profile=user-auth-profile, username=CAP Dec 7 22:43:53 Local : start authd_local_lookup Dec 7 22:43:53 Local : profile user-auth-profile found Dec 7 22:43:53 Local : client CAP found Dec 7 22:43:53 Local : password mismatch for client CAP Dec 7 22:43:53 authd_auth_module_start: result = 3 start_auth; state = 0 Dec 7 22:43:53 authd_auth_module_start: Error in calling the start_auth Dec 7 22:43:53 REQUEST: AUTHEN - module_index 0 module(password) return: FAILURE
This is an issue with the Junos Pulse client version Pulse 2.1, to resolve this issue upgrade to the Pulse 3.1 version or later.