Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Help with ACS 5.4 and RSA SecurID Server!!

Hi all,

I have run into some issues when trying to authenticate wireless users against an RSA SecurID server and would appreciate any input from the community.

The RSA server configuration has been verified as correct, and the only real log as such (authentication monitor) shows:

User “me” attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain”. Not very helpful.

The ACS AAA log shows the following:

Jan 10,14 3:43:30.353 PM Radius authentication failed for USER: me  MAC: 00-19-7e-88-5a-7b  AUTHTYPE: EAP-FAST(EAP-GTC) Radius authentication failed.

Detailed log:

Authentication Details

Logged At: January 10,2014 3:43:30.353 PM

ACS Time: January 10,2014 3:43:30.343 PM

ACS Instance: wlan-acs-1

Authentication Method: PAP_ASCII

EAP Authentication Method : EAP-GTC

EAP Tunnel Method : EAP-FAST

User

ACS Username: me

RADIUS Username :  

Calling Station ID: 00-19-7e-88-5a-7b

Framed IP Address:  

Host Lookup: 

Network Device

Network Device: wlc-02

Network Device Groups: Device Type:All Device Types:5508

Location:All Locations:LAB

NAS IP Address: 10.201.30.129

NAS Identifier:  

NAS Port:  

NAS Port ID: 13

NAS Port Type:

Access Policy

Access Service: Default Network Access

Identity Store: rsaserver

Authorization Profiles:  

Exception Authorization Profiles:  

Active Directory Domain:  

Identity Group:  

Access Service Selection Matched Rule: Rule-1

Identity Policy Matched Rule: Default

Selected Identity Stores: rsaserver

Query Identity Stores:  

Selected Query Identity Stores:  

Group Mapping Policy Matched Rule:  

Authorization Policy Matched Rule:  

Authorization Exception Policy Matched Rule:  

CTS

CTS Security Group:  

Other

ACS Session ID: wlan-acs-1/178729561/86

Audit Session ID:  

Tunnel Details:  

H323 Attributes:  

SSG Attributes:  

Cisco-AVPairs:  

Other Attributes: ACSVersion=acs-5.4.0.46-B.221

ConfigVersionId=26

If further information is needed, please let me know.

Thanks for your time.

1 REPLY
Community Member

Help with ACS 5.4 and RSA SecurID Server!!

For anyone having the same issue, I found that removing the configuration from the RSA Token Server external identity store and configuring for RADIUS Identity Server solved my problem.

1338
Views
0
Helpful
1
Replies
CreatePlease to create content