HP-UX AAA Server A.08.00.01 Administrator's Guide
Table 30-5 Common Authentication Failure Problems (continued)
TroubleshootingProblem
Sequence counter resynchronization failed for user <user name>
in realm <realm name> after <number> unsuccessful OTP
validations. The last sequence counter attempted is <number>.
Log MessageUnable to
authenticate
The HP-UX AAA Server is not able to resynchronize the sequence
counter as the OTP in the request is incorrect. This can happen
because of one of the following reasons:
Cause
• The OTP is out of synchronization beyond the value configured
in OTP-Lookup-Window.
• The length of the OTP does not match the configured value.
• The OTP is incorrect (wrongly entered by the user).
• The shared secret to be used to generate OTP may not be in
the binary format.
Validate the OTP using the User Database Administration tool.
You can also check if the OTP-Token-Length for the user is
Resolution
correct. In addition, you can check if the user has correctly entered
the OTP.
Verify that you have used the
AAAConvertandSetHexToBinaryString()conversion
function or your own conversion function to convert the shared
secret to binary.
Configured OTP token length for user <user name> in realm
<realm name> is less than 6. The valid OTP token length is
either 6, 7 or 8. Verify that the configured token length is valid
Log MessageUnable to
authenticate
Or
Configured OTP token length for user <user name> in realm
<realm name> is greater than 8. The valid OTP token length is
either 6, 7 or 8. Verify that the configured token length is valid"
The OTP is wrongly configured in the OTP-Token-Length
attribute or in the otp_token_length system-wide
configuration item.
Cause
Check the value of the OTP-Token-Length attribute in the user
profile, in the request-ingress.grp file, or in the
Resolution
aaa.config file. For more information, see “Attributes for
Configuring OTP Authentication” (page 188).
490 Troubleshooting Procedures