Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
2
Replies

NEW PIN mode fails after migrating to new ACS version

Go to solution
skingry
Level 1
Level 1

‎01-16-2007 05:05 PM - edited ‎03-10-2019 02:55 PM

Old setup.

CiscoSecure ACS v3.x

Windows server also has the RSA/ACE agent that queries a second server for SecurID authentication

C3745 and a PIX used for inbound remote access

Users access w/Cisco Systems VPN Client

Works great

New setup.

CiscoSecure ACS v4.0, running on a different Windows server

Slightly newer version of the RSA/ACE agent

Same C3745 and PIX

Same use4rs, same client.

Works great as long as the SecurID card is not in NEW PIN mode

If the card is in NEW PIN mode, the Cisco Systems VPN client of course prompts if the users wants to create a new pin. The answer is ?y? or ?n.? The client is then supposed to prompt for the PIN and then prompt a second time for the PIN. This never happens. Instead, w/in three seconds of the user saying ?y?, CSACS fails the user and the client terminates the connection.

Help!

Thanks,

Shane

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
darpotter
Level 5
Level 5

‎01-17-2007 04:53 AM

Hi

You may want to ping the Cisco TAC. I remember there were loads of issues with RSA authentication that may have been fixed after 4.0 shipped.

If you run csauth from the command line:

csauth -z -p

you'll see a whole load of debug.. look for "[Securid" to see all related messages.

Darran

View solution in original post

0 Helpful
2 Replies 2

Go to solution
darpotter
Level 5
Level 5

‎01-17-2007 04:53 AM

Hi

You may want to ping the Cisco TAC. I remember there were loads of issues with RSA authentication that may have been fixed after 4.0 shipped.

If you run csauth from the command line:

csauth -z -p

you'll see a whole load of debug.. look for "[Securid" to see all related messages.

Darran

0 Helpful

Go to solution
skingry
Level 1
Level 1

‎01-17-2007 12:32 PM

It runs out there is a bug in 4.0(1)B27 for this. The TAC was able to supply me with a patched version of CSAuth.exe. All fixed now. =)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents