cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3150
Views
10
Helpful
20
Replies

ACS 4.2 with RSA SecurID: CSTacacs: Failed to authenticate on test account

p.hruby
Level 1
Level 1

After RSA SecurID integration into ACS 4.2 i can see the following messages in Reports and Activity - ACS Service Monitoring:

CSTacacs: Failed to authenticate on test account..

I've discovered that ACS tries to authenticate test userid: CSMonTac against RSA SecurID external database. This is of course fails and all ACS services are then restarted.

Can anyone tell me what did I do wrong? Is there any way how to enforce ACS to authenticate this account against internal database?

Petr

20 Replies 20

I'm going through the current logs and would like to know whe this issue occurs. Can users authenticate during that time?

If they fail the authentication what do they show in the failed authentication?

Jatin Katyal

- Do rate helpful posts -

~Jatin

Jatin,

authentication of standard users (against local, windows domain  or RSA SecurID database) works fine.

Only authentication of user CSMonTac fails because ACS tries to authenticate this internal user against RSA SecurID database (see RSA-RT-Mon.jpg - screenshot of the log from RSA SecurID).

Petr

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 <<< RECEIVED FROM CLIENT:TacacsTestNas TYPE=AUTHEN/START, SEQ=1, FLAGS=64

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 SESSIONID 385875968 (0x17000000), DATALEN 54 (0x36)

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 PRIV:1

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 ACTION=login AUTHEN_TYPE=pap SERVICE=ppp

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 USERLEN=8 PORTLEN=1 (0x1), REMADDRLEN=5 (0x5) DATALEN=32

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 USER=CSMonTac

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 PORT=0

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 REM_ADDR=CSMON

TCS 05/06/2013 09:24:46 I 0043 5052 0x0 END >>>

TCS 05/06/2013 09:24:46 I 0688 5168 0x0 Single Connect thread 0 allocated work

TCS 05/06/2013 09:24:48 I 0043 5168 0x0 <<< PACKET TO CLIENT:TacacsTestNas TYPE:AUTHEN/FAIL, SEQ 2, FLAGS 1

TCS 05/06/2013 09:24:48 I 0043 5168 0x0 SESSIONID 385875968 (0x17000000), DATALEN 6 (0x6)

TCS 05/06/2013 09:24:48 I 0043 5168 0x0 type=AUTHEN status=2 (AUTHEN/FAIL) flags=0x0

TCS 05/06/2013 09:24:48 I 0043 5168 0x0 msg_len=0, data_len=0

p.hruby
Level 1
Level 1

I've installed latest patch Acs-4.2.0.124.17-SW.exe but the problem persists ...


can we get the fresh logs now after the upgrade and patch.

Jatin Katyal


- Do rate helpful posts -

~Jatin

Jatin,

I think important entries are in AUTH.log file:

AUTH 05/29/2013 10:50:45 I 2856 1264 0x2 Start UDB_AUTHENTICATE_USER, client 1 (127.0.0.1)

AUTH 05/29/2013 10:50:45 I 0406 1264 0x6 AuthenAuthenticateUser: setting session group ID to 20.

AUTH 05/29/2013 10:50:45 I 0505 1264 0x6 AuthenAuthenticateUser: setting session group ID from user profile to 1.

AUTH 05/29/2013 10:50:45 I 1915 1264 0x6 pvAuthenticateUser: authenticate 'CSMonTac' against RSA SecurID Token Server

AUTH 05/29/2013 10:50:45 I 0428 1264 0x6 External DB [SecurID.dll]: Starting authentication for user [CSMonTac]

AUTH 05/29/2013 10:50:45 I 1425 1264 0x6 External DB [SecurID.dll]: SecurID_StartSession called

AUTH 05/29/2013 10:50:45 I 1756 0720 0x0 External DB [SecurID.dll]: SecurID_Callback called

AUTH 05/29/2013 10:50:45 I 1439 1264 0x6 External DB [SecurID.dll]: SecurID_StartSession WaitForSingleObject returned 0

AUTH 05/29/2013 10:50:45 I 1776 0720 0x0 External DB [SecurID.dll]: SecurID_Callback finished

AUTH 05/29/2013 10:50:45 I 1756 0720 0x0 External DB [SecurID.dll]: SecurID_Callback called

AUTH 05/29/2013 10:50:45 I 1776 0720 0x0 External DB [SecurID.dll]: SecurID_Callback finished

AUTH 05/29/2013 10:50:47 E 6170 4848 0x0 AllocateThread returned 2

AUTH 05/29/2013 10:50:47 I 1756 0720 0x0 External DB [SecurID.dll]: SecurID_Callback called

AUTH 05/29/2013 10:50:47 I 1550 1264 0x6 External DB [SecurID.dll]: SecurID_Check result [1]

AUTH 05/29/2013 10:50:47 I 1776 0720 0x0 External DB [SecurID.dll]: SecurID_Callback finished

AUTH 05/29/2013 10:50:47 I 0407 1264 0x6 External DB [SecurID.dll]: Completed user [CSMonTac]

AUTH 05/29/2013 10:50:47 I 5598 1264 0x6 Done UDB_AUTHENTICATE_USER, client 1, status UDB_INVALID_TOKEN_PW

Account CSMonRad is authenticated against internal database:

AUTH 05/29/2013 10:50:45 I 2856 5572 0x4 Start UDB_AUTHENTICATE_USER, client 2 (127.0.0.1)

AUTH 05/29/2013 10:50:45 I 0406 5572 0x5 AuthenAuthenticateUser: setting session group ID to 0.

AUTH 05/29/2013 10:50:45 I 0505 5572 0x5 AuthenAuthenticateUser: setting session group ID from user profile to 500.

AUTH 05/29/2013 10:50:45 I 1915 5572 0x5 pvAuthenticateUser: authenticate 'CSMonRad' against CSDB

AUTH 05/29/2013 10:50:45 I 5598 5572 0x5 Done UDB_AUTHENTICATE_USER, client 2, status UDB_OK

AUTH 05/29/2013 10:50:45 I 6003 5572 0x5     Worker 3 processing message 34.

Petr

p.hruby
Level 1
Level 1

Now we are running ACS 4.2(1) Build 15 Patch 10. ACS still tries to authenticate CSMonTac against RSA ...

In near future we are going to buy latest version of ACS. I hope that fresh installation of this latest version helps.

Until then I'll leave System  Monitoring option unchecked.

Petr

AUTH 06/04/2013 09:56:27 I 2884 1820 0xf Start UDB_AUTHENTICATE_USER, client 1 (127.0.0.1)

AUTH 06/04/2013 09:56:27 I 0406 1820 0x10 AuthenAuthenticateUser: setting session group ID to 20.

AUTH 06/04/2013 09:56:27 I 0505 1820 0x10 AuthenAuthenticateUser: setting session group ID from user profile to 1.

AUTH 06/04/2013 09:56:27 I 1917 1820 0x10 pvAuthenticateUser: authenticate 'CSMonTac' against RSA SecurID Token Server

AUTH 06/04/2013 09:56:27 I 0448 1820 0x10 External DB [SecurID.dll]: Starting authentication for user [CSMonTac]

AUTH 06/04/2013 09:56:27 I 1565 1820 0x10 External DB [SecurID.dll]: SecurID_StartSession called

AUTH 06/04/2013 09:56:27 I 1896 3620 0x0 External DB [SecurID.dll]: SecurID_Callback called

AUTH 06/04/2013 09:56:27 I 1579 1820 0x10 External DB [SecurID.dll]: SecurID_StartSession WaitForSingleObject returned 0

AUTH 06/04/2013 09:56:27 I 1916 3620 0x0 External DB [SecurID.dll]: SecurID_Callback finished

AUTH 06/04/2013 09:56:27 I 1896 3620 0x0 External DB [SecurID.dll]: SecurID_Callback called

AUTH 06/04/2013 09:56:27 I 1916 3620 0x0 External DB [SecurID.dll]: SecurID_Callback finished

AUTH 06/04/2013 09:56:28 I 6043 3464 0x0     Worker 5 processing message 3.

AUTH 06/04/2013 09:56:28 I 2884 3464 0x0 Start UDB_BUFFER_TOO_SMALL, client 1 (127.0.0.1)

AUTH 06/04/2013 09:56:28 I 5634 3464 0x0 Done UDB_BUFFER_TOO_SMALL, client 1, status UDB_OK

AUTH 06/04/2013 09:56:29 I 1896 3620 0x0 External DB [SecurID.dll]: SecurID_Callback called

AUTH 06/04/2013 09:56:29 I 1690 1820 0x10 External DB [SecurID.dll]: SecurID_Check result [1]

AUTH 06/04/2013 09:56:29 I 1916 3620 0x0 External DB [SecurID.dll]: SecurID_Callback finished

AUTH 06/04/2013 09:56:29 I 0427 1820 0x10 External DB [SecurID.dll]: Completed user [CSMonTac]

AUTH 06/04/2013 09:56:29 I 5634 1820 0x10 Done UDB_AUTHENTICATE_USER, client 1, status UDB_INVALID_TOKEN_PW

AUTH 06/04/2013 09:56:29 I 6043 1820 0x10     Worker 0 processing message 1109.

AUTH 06/04/2013 09:56:29 I 2884 1820 0x10 Start UDB_LOG, client 1 (127.0.0.1)

AUTH 06/04/2013 09:56:29 I 5634 1820 0x10 Done UDB_LOG, client 1, status UDB_OK

AUTH 06/04/2013 09:56:29 I 6043 3452 0x0     Worker 4 processing message 49.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: