Integration of Cisco ACS SE 4.2 and RSA SecurID Token Server

ailikiyio
Level 1

Hi,

I would very much appreciate it if anyone can share their experience. Thanks in advance.

Issue:

I am trying to configure the ACS SE 4.2 to authenticate using RSA SecurID Token Server.

Problems encountered:

Authentication failed. In the failed attempts log, the error "External Database not operational" was next to the login name.

In the auth.log, there was "External DB [SecurID.dll]: aceclnt.dll callback returned error [23]".

Questions:

1. Please kindly advise how I should resolve this problem.

2. Also, is there any success message once ACS gets the sdconf.rec? Will the "Purge Node Secret" button be enabled?

Troubleshooting steps I have done:

Below are the steps I took to set up the external DB.

1. Verified sdconf.rec is not a garbage file using the Test Authentication function in the RSA client.

2. FTPed sdconf.rec in the external database configuration. (Used Wireshark and confirmed the file transferred successfully.)

3. Defined the unknown user policy to check RSA SecurID Token Server to authenticate.

------

Thank you.
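The auth.log line quoted in the post is the useful signal here: a client-library callback error from the external database is a different condition from a user typing a bad passcode, and triaging it as such points at the ACS-to-RSA link rather than at the account. The following is an added example, not code from the original post or from Cisco, that pulls the external-DB messages out of a few constructed log lines and flags a repeating callback error. The timestamp prefix and the "Authen OK" line are assumed layout; only the "External DB [SecurID.dll]: ..." text comes from the post, and no meaning is assigned to error code 23 because the page does not give one.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the one message quoted in the post.
# The timestamp prefix and the "Authen OK" line are assumptions about layout,
# not a documented Cisco ACS format; only the External DB text comes from the post.
SAMPLE_AUTH_LOG = """\
09/14/2010 10:02:11 External DB [SecurID.dll]: aceclnt.dll callback returned error [23]
09/14/2010 10:02:11 External DB [SecurID.dll]: External Database not operational
09/14/2010 10:03:40 External DB [SecurID.dll]: aceclnt.dll callback returned error [23]
09/14/2010 10:05:02 Authen OK user1
09/14/2010 10:06:15 External DB [SecurID.dll]: aceclnt.dll callback returned error [23]
"""

EXT_DB_RE = re.compile(r"External DB \[(?P<dll>[^\]]+)\]: (?P<msg>.*)$")
CALLBACK_RE = re.compile(r"(?P<lib>\S+) callback returned error \[(?P<code>\d+)\]")


def parse_external_db_events(log_text):
    """Return one dict per 'External DB' line: which ACS DLL logged it, the raw
    message, and, for callback failures, the client library and numeric code."""
    events = []
    for line in log_text.splitlines():
        m = EXT_DB_RE.search(line)
        if not m:
            continue  # not an external-database message; ignore
        event = {"dll": m.group("dll"), "msg": m.group("msg"), "lib": None, "code": None}
        cb = CALLBACK_RE.search(event["msg"])
        if cb:
            event["lib"] = cb.group("lib")
            event["code"] = int(cb.group("code"))
        events.append(event)
    return events


def callback_error_counts(events):
    """Count callback errors by (ACS DLL, client library, error code)."""
    return Counter((e["dll"], e["lib"], e["code"]) for e in events if e["code"] is not None)


def backend_down(events, threshold=2):
    """True when the same external DB reports the same client-library error code
    at least `threshold` times: that pattern points at the ACS-to-RSA link
    (sdconf.rec, node secret, source interface), not at one user's token."""
    return any(n >= threshold for n in callback_error_counts(events).values())


if __name__ == "__main__":
    evts = parse_external_db_events(SAMPLE_AUTH_LOG)
    for key, n in callback_error_counts(evts).items():
        print(f"{key[0]} via {key[1]} error {key[2]}: {n} occurrence(s)")
    print("external DB looks down:", backend_down(evts))
```

Run it against a real auth.log by reading the file into `parse_external_db_events`; the threshold is a judgement call, but even two identical callback errors in a row are worth checking before resetting anyone's token.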

3 Replies

cisco24x7
Level 6

I have NO experience with ACS SE 4.2 and RSA SecurID Token Server BUT I have experience with Cisco ACS 4.1 running on Windows 2003 SP2 Enterprise Edition and RSA SecurID Token Server.

All the troubleshooting you've done is correct. In Windows 2003 running Cisco ACS, you can install the test authentication RSA client and with that you can verify that the setup is correct (by verifying that the sdconf.rec is not corrupted).

One thing I can think of is that when you set up the ACS SE box, under external database, configure unknown user policy, did you check it to tell how to define users when they are not found in the ACS internal database? Did you select RSA SecurID token server?

Other than that, from what I understand, you've done everything correctly.

Thank you for your reply.

And yes, I did check to use RSA SecurID in the unknown user policy.

In the ACS user guide (page 12-56), it says that once sdconf.rec has been uploaded, click "Purge Node Secret". However, the button was never enabled.

Is there anything wrong with it or is it normal?

cckleibeuker
Level 1

Hi

I don't know if it is working.

We had the same problem and we solved it.

The solution was to use the second NIC interface and not the first one (as advised by the Cisco document).

Gz
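The fix in this reply is about which interface the appliance sources its SecurID traffic from. An added example, not from the reply or from Cisco or RSA, that checks the same thing on any host: it asks the OS which local address it would use to reach the RSA server (a UDP connect() performs route selection without sending a datagram) and compares it with the address assumed to be registered for the ACS agent on that server. UDP 5500 is the SecurID agent port; the registered address and the use of loopback in the usage call are assumptions for illustration, and the assumption that the RSA server keys the agent record on this source address is stated in the code.

```python
import socket

SECURID_UDP_PORT = 5500  # UDP port the SecurID agent uses to reach Authentication Manager


def source_ip_for(rsa_server_ip, port=SECURID_UDP_PORT):
    """Return the local IPv4 address the OS would source from when sending to
    rsa_server_ip:port. connect() on a UDP socket only performs route/source
    selection; no datagram is transmitted, so this is safe to run anywhere."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.connect((rsa_server_ip, port))
        return sock.getsockname()[0]
    finally:
        sock.close()


def interface_check(rsa_server_ip, registered_agent_ip, port=SECURID_UDP_PORT):
    """Compare the address the host will actually use against the address the
    agent host record on the RSA server is assumed to carry. A mismatch means the
    RSA server sees requests from an IP it has no agent/node-secret record for,
    which is the situation a wrong-NIC setup produces."""
    actual = source_ip_for(rsa_server_ip, port)
    return {"actual_source": actual, "registered": registered_agent_ip,
            "match": actual == registered_agent_ip}


if __name__ == "__main__":
    # Loopback is used here so the script runs offline; substitute the real RSA
    # server address and the IP registered for the ACS on that server.
    print(interface_check("127.0.0.1", "127.0.0.1"))
```

Run it on the box that hosts the agent, not from a workstation, since the answer depends on that host's routing table; if `match` is False, either move the agent traffic to the registered interface or update the agent host record and clear the node secret.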
