Help with ACS 5.4 and RSA SecurID Server!!

Unanswered Question
Jan 10th, 2014

Hi all,


I have run into some issues when trying to authenticate wireless users against an RSA SecurID server and would appreciate any input from the community.


The RSA server configuration has been verified as correct, and the only real log as such (authentication monitor) shows:


User “me” attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain”. Not very helpful.


The ACS AAA log shows the following:


Jan 10,14 3:43:30.353 PM Radius authentication failed for USER: me  MAC: 00-19-7e-88-5a-7b  AUTHTYPE: EAP-FAST(EAP-GTC) Radius authentication failed.


Detailed log:

Authentication Details

Logged At: January 10,2014 3:43:30.353 PM

ACS Time: January 10,2014 3:43:30.343 PM

ACS Instance: wlan-acs-1

Authentication Method: PAP_ASCII

EAP Authentication Method : EAP-GTC

EAP Tunnel Method : EAP-FAST


User

ACS Username: me

RADIUS Username :  

Calling Station ID: 00-19-7e-88-5a-7b

Framed IP Address:  

Host Lookup: 


Network Device

Network Device: wlc-02

Network Device Groups: Device Type:All Device Types:5508

Location:All Locations:LAB

NAS IP Address: 10.201.30.129

NAS Identifier:  

NAS Port:  

NAS Port ID: 13

NAS Port Type:


Access Policy

Access Service: Default Network Access


Identity Store: rsaserver

Authorization Profiles:  

Exception Authorization Profiles:  

Active Directory Domain:  

Identity Group:  

Access Service Selection Matched Rule: Rule-1

Identity Policy Matched Rule: Default

Selected Identity Stores: rsaserver

Query Identity Stores:  

Selected Query Identity Stores:  

Group Mapping Policy Matched Rule:  

Authorization Policy Matched Rule:  

Authorization Exception Policy Matched Rule:  


CTS

CTS Security Group:  

Other

ACS Session ID: wlan-acs-1/178729561/86

Audit Session ID:  

Tunnel Details:  

H323 Attributes:  

SSG Attributes:  

Cisco-AVPairs:  

Other Attributes: ACSVersion=acs-5.4.0.46-B.221

ConfigVersionId=26


If further information is needed, please let me know.


Thanks for your time.

nix-patheon Wed, 01/15/2014 - 04:55

For anyone having the same issue, I found that removing the configuration from the RSA Token Server external identity store and configuring for RADIUS Identity Server solved my problem.
