000027040 - How to set pins or perform next tokencode mode with Ntradping

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000027040
Applies To

how to set pins with ntradping


how to do next tokencode mode with ntradping
ntradping tricks
IssueUse ntradping for testing radius, and go through new pin mode or next tokencode mode
ntradping is unable to perform access-challenge

You -can- certainly use ntradping 1.5 with tokens in new pin mode, and set pins.


Here is how to do it. You may need to practice this for speed, so tokencodes do not rollover unexpectedly.


NOTE: the access-challenge STATE values below may be different when you use Ntradping.

The numbers below are examples of the values returned, when these are the first challenges sent to RSA radius.


new pin mode


1) send a username and tokencode to the RSA server


fire up ntradping, and authenticate with a tokencode


In the attribute dump field in the Radius server reply box, you get access challenge, but also, make note of the




Example: my test says 0|1

(the value may be different depending on the radius server you are using and when you do this,

use whatever the dump window shows you)




2) send the first pin as a response to the first access-challenge


a) In the lower left dropdown box, open the list and select STATE,  


b) and in the right hand dropdown, enter the full STATE value that SBR returned, which is SBR-CH 0|1, and click Add.


Now that value goes in the Additional Radius Attributes box as State=SBR-CH 0|1


c) Also, now put in the new PIN you want in the Password field, and hit SEND



3)  you will get another access-challenge


you will get another challenge with a new SBR-CH value. In my example above, I had entered SBR-CH 0|1 and send, and it returned 0|2.




4) send the second confirmation pin as a reply to the second access-challenge


The system just got your 1st pin, you need to send the same pin again.


As in step 2, Highlight the Additional Radius Attributes field, and remove the State=SBR-CH 0|1, and

change the value to 0|2, and Add it again so it appears in the Additional Radius Attributes field as State=SBR-CH 0|2 and hit SEND again.


You have just sent the 2 pins to the RSA server.


5) send the final confirmation new pin + tokencode in response to the final access-challenge


In my example, I then got 0|3 as a return challenge. Reoeating step 2 again, I make the final change

and make the Additional Return Attributes box show the State=SBR-CH 0|3 value,

and this time, I put the new pin and the current tokencode in the password field and hit SEND



6) the result, is access-accept (no more challenges)  and I now have a 'normal token' with a pin all set up.



You can use a slight variation of the same methods above to clear next tokencode mode

Legacy Article IDa52716