RSA SecurID - need some help

cryptochrome_
Contributor

Re: RSA SecurID - need some help


@Era wrote:

Hi!

Here are some details regarding our RSA case - http://kb.pulsesecure.net/KB23202

In general, just configure AD as an LDAP server and as a result it will be available under RSA -Directory/Attribute drop list.

It works for my configuration for 20 RSA roles based on AD group memberships.

Hope it helps.


OK, I have done this, but I still don't get it to work. I have:

* RSA as Authentication Server
* LDAP (AD) as Directory/Attribute Server

Then I try to log in to the realm by using my AD credentials. It takes a while and then tells me wrong username/password. I don't get to see anything where I could enter my tokencode; I am not prompted for it.

On the RSA console I can see the user trying to log on but failing due to "Authentication method failed".

The SSL VPN logs say that "there is no node verification file". I assume this is usually automatically created upon first successful authentication.

Any ideas?

Thanks

zanyterp_
Respected Contributor

Re: RSA SecurID - need some help

Yes, the verification file is created at successful login. If you do RSA only, what happens?
When you created the sdconf.rec file, did you confirm that the node secret was NOT created? Does the RSA server show that there is not a node secret?
cryptochrome_
Contributor

Re: RSA SecurID - need some help

Yes, I am pretty sure that there is no node secret on the RSA server either.
mtessier_
Frequent Contributor

Re: RSA SecurID - need some help

Crypto, if you have your RSA/ACE server as your first authentication server and you have AD/LDAP as your authorization server, you will not be challenged for your AD credentials. Instead, you will be challenged for your RSA/ACE credentials. Then, the IVE will use the credentials that you specify in the AD/LDAP Auth server config to query Active Directory for your account's group memberships and attributes.

If you also want to be challenged for your AD credentials (after the RSA credentials), you need to select your AD/LDAP auth server as a secondary authentication server.

I'm sorry if I'm misinterpreting what you're trying to do. I hope this helps.

cryptochrome_
Contributor

Re: RSA SecurID - need some help

Thanks. I am now able to authenticate using tokens. There was a problem with the RSA configuration. I will try to implement LDAP/AD challenge as well next.

mtessier_
Frequent Contributor

Re: RSA SecurID - need some help

That's good to hear. Post if you have trouble with that part. :)

cryptochrome_
Contributor

Re: RSA SecurID - need some help

I got it fully working, in the way you suggested: AD as primary and RSA as secondary auth server. Works like a champ now :)

Thanks!
mtessier_
Frequent Contributor

Re: RSA SecurID - need some help

Excellent news. Glad to be of assistance.