I have setup the <USER> as you mentioned since they are the same and have setup the secondary auth server with the <Password[2]> This user is in AD and has been verified. I am getting the following when I do a Policy Trace: Authentication successful to auth server "RSA SecurID" - Getting directory information from auth server "authorization_RSA SecurID" - Retrieved directory information from auth server "authorization_RSA SecurID" - Generated secondary user name using template <USER>: "tch-515-test" - Generated secondary password using template <PASSWORD[2]>: "<hidden>" - Attempting to authenticate user "tch-515-test" with auth server "AD_SSO" -NTLogin(192.168.90.12, WEB\tch-515-test, WEB, iveuser, no, , yes, 1, 6, TEST IVE Computers) -Either username or password is empty. NTLogin done. -tch-515-test(RSA SecurID)[] - Sign-in rejected using auth server AD_SSO (Samba). Reason: ConnectError -tch-515-test(Admin Users)[.Administrators] - tch-515-hagen:RSA SecurID - Policy Tracing turned off I have setup a seperate realm to test the seconary authentication to the AD server directly and I get authenticated so I know the user is being validated in AD, I am at a point where the Secondary Auth is failing when it does the AD lookup it seems and cannot seem to figure out why. I have made some changes to the config on the IVE to no avail. Could it be the application itself not sending a response back to the IVE when credentials are bing passed ? Thanks
... View more