RSA SecurID Access

Massimiliano Mandato in RSA SecurID Access2 years ago (Show more)

How to list all users with radius attribute ?

Hi All, i need to export all users with an configured radius attribute on the RSA Authentication Manager (ver 8.1 SP1). The management console does not contain such a report where i can filter on radius attributes If anyone has a solution this would be great. Thanks in advance Best regards Max

7 repliesShow more activity

George Maher

(to Paul Cummings) 12 hours ago (Show more Show less)

Hello Paul, Yes there is a way, Please follow the below steps: 1. SSH on the primary server 2. /opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password 3. /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba 4. enter the password fetched in step 2 5. in my case the read only user is <rouser>, all you nee to do…

Actions

Mohammad Ameenuddin in RSA SecurID Access2 days ago (Show more)

Upgrade of RSA AM 8.3 to 8.5 P2

Hi Folks, We are on RSA AM 8.3 P5 RSA Appliance and planning for upgrade. Currently we have 6 AM's 1 Primary and 5 replicas: Two questions 1. Can we upgrade hardware appliance from 8.3 p5 to 8.5 P2? If answer is yes to 1st question 2. What will happen to users connected on Primary at the time of upgrade ? I presume they failover to… (Show more)

3 repliesShow more activity

George Maher

(to Mohammad Ameenuddin) 20 hours ago (Show more Show less)

1.Does this mean, we can upgrade 1 Primary and 5 replicas in "one change window" WITHOUT any downtime of users?? Yes, all the authentications will be redirected randomly to the other 5 replicas 2.Do we upgrade first primary and then just replica instances to 8.5?? or do we need any switchover of instances before upgrades on replicas You…

Actions

Igor Kuznetsov in RSA SecurID Access22 hours ago (Show more)

Hello, When I can expect your instructions for the RSA Software SecureID Token installation?

Добрый день Я перешел на другой ноут и мне необходимо установить RSA Software SecureID Token для входа на сайт mastercardconnect. Нв rsa.com следуя инструкции я заполнил форму. Мне ссылка на загрузку прийдет по почте? Каковы мои дальнейшие действия?

1 replyShow more activity

George Maher

(to Igor Kuznetsov) 20 hours ago (Show more Show less)

Hello, Please check the article below on how to download the electronic tokens RSA Announces Electronic RSA SecurID Software Token Enablement Thanks Gee

Actions

Kiran Namoju in RSA SecurID Access1 week ago (Show more)

Failover in RSA Authentication Manager

Greetings, I am looking for RSA AM failover documentation. I know if primary goes down, secondary/replica will still pickup authentication requests and fulfill the MFA, however, is not capable of handling the administrative tasks. Do we have any mechanism available in RSA AM where it fails over, with full service(MFA and admin… (Show more)

1 replyShow more activity

George Maher

(to Kiran Namoju) 2 days ago (Show more Show less)

Hello Kiran, Primary and replica are working in an Active Active protocol, If the primary is Down, the replica will takes place for Authentications only, since the replica is a Read-Only server, you cannot do any administrative activities on it, and regarding the automatic Switch when the primary is Down, this is not applicable Promotion has…

Actions

Martin Rios in RSA SecurID Access1 week ago (Show more)

Questions about setting up replica instance for RSA secure ID 8.5

Hi Team, We have a couple of questions about setting up a replica instance for RSASecureID 8.5: -Should we set the Fully Qualifies Host Name to be the same as the primary? -Should we set the IP Address to be the same as the primary? -In the case that both instances can't talk to each other over port 7002, what would be the steps to… (Show more)

1 replyShow more activity

George Maher

(to Martin Rios) 2 days ago (Show more Show less)

Hello, The Replica must be in the same subnet as the primary, but it must have different FQDN and different IP from the Primary of course If you found out that there is a problem in the replication which you can on Operations Console > home Page > replication status You are most welcome to open a Support case as this require an…

Actions

David Berner in RSA SecurID Access4 days ago (Show more)

LDAP Connection and NTP issues

Hello, One of our replica servers started firing off LDAP connection notifications today and now it cannot connect to any LDAP servers. Also receiving random NTP notifications from the same replica "Either the NTP service is not running or unable to sync time from the NTP server". I noticed the following article: 000037920 - NTP error in… (Show more)

1 replyShow more activity

George Maher

(to David Berner) 2 days ago (Show more Show less)

Hello, 1. Make sure that the NTP server is reachable from the replica side, 2. Make sure that you have 2 NTP servers configured in the Operations Console of replica > Administration > Date & Time. 3. SSH on the server, and run ntpq -n check the results and the offset Thanks, Gee

Actions

Vitali Starov in RSA SecurID Access2 months ago (Show more)

RSA Authentication method failed

DE Guten Tag, Wir haben ein solches Problem bei der Installation von RSA-Authentication Manager und das RADIUS-Protokoll. Die RSA-Radius Server Installation war erfolgreich installier, aber nach dem Authentifizierungstest des Benutzers wird dieser Fehler angezeigt. EN Good day, We have such a problem when installing RSA Authentication Manager and… (Show more)

1 replyShow more activity

George Maher

(to Vitali Starov) 2 days ago (Show more Show less)

Hello, Passcode format error, is a general error, that defines that the passcode you entered is incorrect, So, please 1. Test first authentication on the SSC ( https://<Primaryhostname>/ssc), to make sure that you are doing the authentication in a correct way, 2. If the auth succeeded on SSC, try again on the Radius Client. 3. if not, you…

Actions

4DV Analytics in RSA SecurID Access3 months ago (Show more)

Relying Parties

I have a RSA Authentication Client (Relying Party) SAML client. This is for AWS and logging into the Management Console. The button on the right side says "inactive". Shouldn't it be "active"? What does the active/inactive button do? Thanks

1 replyShow more activity

George Maher

(to 4DV Analytics) 2 days ago (Show more Show less)

Hello, Please check the guide below: Manage Relying Parties Thanks, Gee

Actions

James Aschinger in RSA SecurID Access3 months ago (Show more)

While applying patch to primary the replica did not take authentication requests

We recently deployed a replica instance and today I applied 8.4 patch 14 to both servers. I started with the primary and while that was upgrading we were unable to authenticate to the replica. However it appears the replication is "Synchronized" and everything else appears good.

1 replyShow more activity

George Maher

(to James Aschinger) 2 days ago (Show more Show less)

Hello James, If we are dealing with Radius Authentications, you needed to make sure that the Ip of the replica is configured on the third party side, else it will not redirect the authentications, Can you clarify more what was the agent type and if you are sure that the replicas are configured on the third party clients Thanks, Gee

Actions

Bruce McGuire in RSA SecurID Access2 days ago (Show more)

when some users are trying to authenticate to vpn using a hardware fob, they enter their information then are required to enter the next token number even though they just went through this. The second time they do not add their pin just the token code

W

1 replyShow more activity

Jay Guillette

(to Bruce McGuire) 2 days ago (Show more Show less)

There are two reasons a user entering a passcode can get prompted for a Next Token Code, NTC 1. They have failed a number of passcode authentications with that token - Security Console - Auth - Policy - Tokens 2. The TokenCode that was entered (Passcode=TokenCode+PIN) is slightly outside of the Window of acceptable tokencodes for that…

Actions