04-08-2010 01:43 PM - edited 02-21-2020 10:24 AM
I am trying to integrate our ACS server with a RSA 130 appliance. I have the appliance on the wire and tokens imported and a user assigned. I have also installed the RSA security Console on the ACS server. When I attempt to do the authentication test it fails. The error I get from the RSA server is that the Authentication Mode fails.
User “TestRSAVPN” attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “CSIEmployees”.
The authentication policy is set for SecurID_Native for this user. I also can't purge the node secret for it is grayed out. When I attempt to VPN with a token I never see the ACS try to connect to the RSA server and we get a failed:
04/08/2010 15:15:07 Authen failed TestRSAVPN CSINetops 172.16.11.116 External DB password invalid.
I have attempted to follow all the guides but I am lost on what I am doing incorrectly.
Thanks,
Joe
04-09-2010 11:29 AM
Ok, I am not a little further. I have got the Test Authentication to work and now I have a node secret between the ACS and the RSA server. Now when I attempt to VPN in I never see any traffic from the ACS server to the RSA server. I don't see anything in the Monitoring tool for the RSA and I simply recieve an External DB password invalid. I have a sniffer attached and I don't ever see the ACS attempt to connect to the RSA. The user I am testing with is setup to use the RSA Secure Token Server. I have contacted RSA but now they are saying it is an ACS issue.
Anyone have any suggestions?
Thanks,
Joe
04-28-2010 06:19 AM
Ok, I haven't gotten any feedback on this..I am able to now authenticate via the RSA SecurID appliance. I have added a Replica to the enviroment for RSA. I have generated a new sdconf.rec file and copied it to the ACS server c:\windows\system32 folder. I rebooted the ACS but I still don't see the replica in the RSA Authentication Agent. Does anyone know how I can update the ACS to where it will attempt to send to the replica once the primary is down?
Thanks,
Joe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide