000032264 - When running acetest utility with the RSA SecurID Authentication Agent for PAM, getting error:  Cannot Do AceInitialize for communication with ACE/Server

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000032264
Applies To

RSA Product Set:  SecurID


RSA Product/Service Type:   Authentication Agent for PAM

IssueWhen testing authentication with the acetest and acestatus utilities, the following errors appear:
[root@rh 64bit]# ./acetest
Cannot Do  AceInitialize for communication with ACE/Server.
[root@rh 64bit]# ./acestatus
Error can't connect to ACE/Server
TasksUse strace to trace the system IO that acetest and acestatus utilities will access.
ResolutionTo run strace,  SSH to the box where the PAM agent is installed and run the following command:
[root@rh 64bit]# strace ./acetest
........
stat("/var/ace/sdconf.rec", 0x7fffd238fd10) = -1 ENOENT (No such file or directory)
open("/etc/localtime", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4587b1000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 3519
lseek(3, -2252, SEEK_CUR)               = 1267
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"..., 4096) = 2252
close(3)                                = 0
munmap(0x7fb4587b1000, 4096)            = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
sendto(3, "<11>Dec 22 19:21:13 acetest: ACE"..., 93, MSG_NOSIGNAL, NULL, 0) = 93
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4587b1000
write(1, "Cannot Do  AceInitialize for com"..., 60Cannot Do  AceInitialize for communication with ACE/Server.
) = 60

In this particular case, the agent cannot communicate with the authentication server because the acetest utility cannot locate the sdconf.rec file in /var/ace.
To resolve the issue, generate a new sdconf.rec on the Authentication Manager server (Access > Authentication Agents > Generate Configuration File > Generate Config File) and place it on the box with the PAM agent in the directory listed in the error output generated after running the strace the rerun acetest.. 

Attachments

    Outcomes