000011738 - Unable to authenticate to Authentication Manager 7.1 or RSA SecurID Appliance 3.0 via RADIUS

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011738
Applies ToAuthentication Manager 7.1 AM 7.1 SP4 APP3.0.4
2003 Server SP2

RSA SecurID Appliance 3.0

IssueUnable to authenticate to Authentication Manager 7.1 SP4 or RSA SecurID Appliance 3.0.4 via RADIUS

RADIUS logging shows the following errors: <RSA_HOME>/radius/<date>.log e.g. ../radius/20130913.log

Failed to initialize communications for SecurID authentication (result =23)

Unable to find user user_name with matching password

Sent reject response


Authentication Activity Monitor shows no traffic, RADIUS - RADIUS Statistics - RADIUS Client Statistics shows Rejects
CauseThe node secret for RADIUS server needs to be recreated
ResolutionTo correct this issue, first back up the Auth Manager database via the Operations Console.

Next, delete the RADIUS server, either through the Security Console (RADIUS > RADIUS Servers) or Operations Console (Deployment Configuration > RADIUS > )

Now reconfigure the RADIUS server.

On the RADIUS server that was just removed, follow the steps below for your platform.

Windows

  • Open a command prompt and navigate to C:\Program Files\RSA Security\RSA Authentication Manager\config
  • Run configUtil.cmd configure radius register

Unix or SecurID 3.0 Appliance

  • Open an SSH session and cd  to <RSAHOME>/RSASecurity/RSAAuthenticationManager/config
  • Run ./configUtil.sh configure radius register

The RADIUS server is listed in the Operations and Security Consoles.

NOTE: Optionally remove RADIUS servers, replica then primary, from Security console - RADIUS -Servers, then go to Operations Console and Configure RADIUS Server, primary 1st.

Legacy Article IDa48349

Attachments

    Outcomes