10-19-2004 04:17 PM - edited 03-10-2019 01:51 PM
Hello,
I tried to setting rsa secured with remote access dial-in service on cisco 2600 box. Everything works well except when token in new pin or next token mode. The dial-up client can not enter second passcode, do not have second pop-up window, so all authentications was fail. My dial-up client is windows 2000 or xp.
Please suggest me too.
Thanks,
Nitass
10-22-2004 06:03 PM
In order for the client to receive these second prompts you must have the authentication occur within a terminal window. When doing this, you can leave the username/password fields empty in the dialog box that Windows provides for authentication. Once you have completed the authentication through the terminal window, you should be able to continue and successfully complete your connection. If you click on the properties of the dialup session, then click on the Security tab, you should find the option for "Show Terminal Window" under the Interactive Logon ans Scripting section.
10-24-2004 08:05 PM
Thank you for your reply. I think terminal window authentication does not friendly with mostly user. I have a lot of problems when many users in new pin or next token mode. How do you do for this issue?
Thanks for advance,
Nitass
10-26-2004 05:07 AM
While I agree with you that the terminal window solution is more complex and less user friendly than the standard Windows DialUp window/authentication, the terminal window does provide a solution to the new pin or next token issue which the standard Windows does not.
I work with a customer who uses RSA token to authenticate dial in users. We have found the solution to the issue you are dealing with to be either the terminal window where the user can deal with their problem or to have someone take administrative action on the RSA server to reset/resync the users token.
So as I see it you have a choice to make: either present terminal window as an alternative setup on the user PC or when they can not login on dial up have them call the Help Desk and have someone deal with it for them. One solution is somewhat less user friendly but does allow the user to deal with their own problem, and the other solution is more user firendly and puts more load on the Network Support staff.
I would also wonder why you have so many users in new pin and next token mode? Perhaps if you can figure how to minimize the frequency of these modes you can minimize the problem of difficulty authenticating for your users.
HTH
Rick
10-26-2004 09:36 AM
Hi All,
Many thank you for your suggestion.
Thanks,
Nitass
10-27-2004 09:37 PM
When I tried the terminal window authentication, message "error 691 access was denied because the username and/or password was invalid on the domain" occurred. I make sure correct username and password. If I tried without the terminal window, everything work fine.
Please advice me again.
Thanks,
Nitass
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide