What can cause RADIUS error: Invalid RADIUS response received - Bad MD5?

What can cause RADIUS error: Invalid RADIUS response received - Bad MD5?

3066
Created On 03/12/20 23:36 PM - Last Modified 04/25/25 20:45 PM


Question


What can cause RADIUS error: Invalid RADIUS response received - Bad MD5?

Environment


  • Supported PAN-OS versions
  • RADIUS Server

Answer


  1. The output of Bad MD5 indicates that there may be an issue with the secret defined in the RADIUS server profile or the RADIUS server doesn't support the configured special characters.
  2. Although Palo Alto supports all characters to be included, the RADIUS vendor may have some restrictions using certain characters . Check the documentation of  RADIUS's vendor.  

Additional Information


To verify the issue:

  1. Test the configured Radius profile using the Test Authentication Server connectivity
  2. Capture the RADIUS Access-Request packet from PAN device and from RADIUS server
  3. To view the user password using Wireshark set the required settings as noted in picture below:
User-added image
  1. Check the user password in the RADIUS Access-Request packet captured from PAN device and from RADIUS server as noted in picture below:
User-added image
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP2UCAW&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language