how to set pins with ntradping
how to do next tokencode mode with ntradping
|Issue||Use ntradping for testing radius, and go through new pin mode or next tokencode mode|
ntradping is unable to perform access-challenge
You -can- certainly use ntradping 1.5 with tokens in new pin mode, and set pins.
Here is how to do it. You may need to practice this for speed, so tokencodes do not rollover unexpectedly.
NOTE: the access-challenge STATE values below may be different when you use Ntradping.
The numbers below are examples of the values returned, when these are the first challenges sent to RSA radius.
new pin mode
1) send a username and tokencode to the RSA server
fire up ntradping, and authenticate with a tokencode
In the attribute dump field in the Radius server reply box, you get access challenge, but also, make note of the
Example: my test says 0|1
(the value may be different depending on the radius server you are using and when you do this,
use whatever the dump window shows you)
2) send the first pin as a response to the first access-challenge
a) In the lower left dropdown box, open the list and select STATE,
b) and in the right hand dropdown, enter the full STATE value that SBR returned, which is SBR-CH 0|1, and click Add.
Now that value goes in the Additional Radius Attributes box as State=SBR-CH 0|1
c) Also, now put in the new PIN you want in the Password field, and hit SEND
3) you will get another access-challenge
you will get another challenge with a new SBR-CH value. In my example above, I had entered SBR-CH 0|1 and send, and it returned 0|2.
4) send the second confirmation pin as a reply to the second access-challenge
The system just got your 1st pin, you need to send the same pin again.
As in step 2, Highlight the Additional Radius Attributes field, and remove the State=SBR-CH 0|1, and
change the value to 0|2, and Add it again so it appears in the Additional Radius Attributes field as State=SBR-CH 0|2 and hit SEND again.
You have just sent the 2 pins to the RSA server.
5) send the final confirmation new pin + tokencode in response to the final access-challenge
In my example, I then got 0|3 as a return challenge. Reoeating step 2 again, I make the final change
and make the Additional Return Attributes box show the State=SBR-CH 0|3 value,
and this time, I put the new pin and the current tokencode in the password field and hit SEND
6) the result, is access-accept (no more challenges) and I now have a 'normal token' with a pin all set up.
You can use a slight variation of the same methods above to clear next tokencode mode
|Legacy Article ID||a52716|