ACS 4.2 integration with RSA appliance

joeharb
Level 5

I am trying to integrate our ACS server with an RSA 130 appliance. I have the appliance on the wire and tokens imported and a user assigned. I have also installed the RSA security Console on the ACS server. When I attempt to do the authentication test it fails. The error I get from the RSA server is that the Authentication Mode fails.

User “TestRSAVPN” attempted to authenticate using  authenticator “SecurID_Native”. The user belongs to security domain  “CSIEmployees”.

The authentication policy is set for SecurID_Native for this user.  I also can't purge the node secret for it is grayed out.  When I attempt to VPN with a token I never see the ACS try to connect to the RSA server and we get a failed:

04/08/2010 15:15:07 Authen failed TestRSAVPN CSINetops 172.16.11.116 External DB password invalid.

I have attempted to follow all the guides but I am lost on what I am doing incorrectly.

Thanks,

Joe

2 Replies

joeharb
Level 5

Ok, I am now a little further. I have got the Test Authentication to work and now I have a node secret between the ACS and the RSA server. Now when I attempt to VPN in I never see any traffic from the ACS server to the RSA server. I don't see anything in the Monitoring tool for the RSA and I simply receive an External DB password invalid. I have a sniffer attached and I don't ever see the ACS attempt to connect to the RSA. The user I am testing with is set up to use the RSA Secure Token Server. I have contacted RSA but now they are saying it is an ACS issue.

Anyone have any suggestions?

Thanks,

Joe

Ok, I haven't gotten any feedback on this. I am able to now authenticate via the RSA SecurID appliance. I have added a Replica to the environment for RSA. I have generated a new sdconf.rec file and copied it to the ACS server c:\windows\system32 folder. I rebooted the ACS but I still don't see the replica in the RSA Authentication Agent. Does anyone know how I can update the ACS to where it will attempt to send to the replica once the primary is down?

Thanks,

Joe