RSA SecurID with remote access dial-in service problem

nitass
Level 1

Hello,

I tried to set up RSA SecurID with remote access dial-in service on a Cisco 2600 box. Everything works well except when the token is in new PIN or next token mode. The dial-up client cannot enter the second passcode and does not get a second pop-up window, so all authentications fail. My dial-up client is Windows 2000 or XP.

Please give me your suggestions.

Thanks,

Nitass

5 Replies

sstudsdahl
Level 4

In order for the client to receive these second prompts you must have the authentication occur within a terminal window. When doing this, you can leave the username/password fields empty in the dialog box that Windows provides for authentication. Once you have completed the authentication through the terminal window, you should be able to continue and successfully complete your connection. If you click on the properties of the dialup session, then click on the Security tab, you should find the option for "Show Terminal Window" under the Interactive Logon and Scripting section.

Thank you for your reply. I think terminal window authentication is not friendly for most users. I have a lot of problems when many users are in new PIN or next token mode. How do you deal with this issue?

Thanks in advance,

Nitass

While I agree with you that the terminal window solution is more complex and less user friendly than the standard Windows DialUp window/authentication, the terminal window does provide a solution to the new pin or next token issue which the standard Windows does not.

I work with a customer who uses RSA token to authenticate dial in users. We have found the solution to the issue you are dealing with to be either the terminal window where the user can deal with their problem or to have someone take administrative action on the RSA server to reset/resync the user's token.

So as I see it you have a choice to make: either present terminal window as an alternative setup on the user PC or when they cannot login on dial up have them call the Help Desk and have someone deal with it for them. One solution is somewhat less user friendly but does allow the user to deal with their own problem, and the other solution is more user friendly and puts more load on the Network Support staff.

I would also wonder why you have so many users in new pin and next token mode? Perhaps if you can figure how to minimize the frequency of these modes you can minimize the problem of difficulty authenticating for your users.

HTH

Rick

Hi All,

Many thanks for your suggestion.

Thanks,

Nitass

When I tried the terminal window authentication, the message "error 691 access was denied because the username and/or password was invalid on the domain" occurred. I made sure the username and password were correct. If I try without the terminal window, everything works fine.

Please advise me again.

Thanks,

Nitass