000032279 - How to enable System-generated PIN for RADIUS in RSA Authentication Manager 8.1.0

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032279
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: VMware
O/S Version: ESXi 5.0
IssueIn the token policy the "Require System-generated PIN" is set for the PIN. This works when generating new PIN through standard agents. However you will get "New pin cancelled for user" error in Authentication Activity Monitor when trying to set a new PIN with RADIUS protocol.
ResolutionFor RADIUS client, in addition to enable the "System-generated PIN" in the Token Policy, you need also manually edit the securid.ini file and change ";AllowSystemPins = 0" to "AllowSystemPins = 1".
You can edit this file from Operations Console > Deployment Configuration > RADIUS Server. Or you can edit the file via SSH. This file is located at /opt/rsa/am/radius/securid.ini