000012230 - Replica RADIUS not accepting authentication requests in RSA Authentication Manager 8.0 and 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Apr 16, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000012230
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.0, 8.1
IssueThis article explains how to fix the RADIUS configuration on an RSA Authentication Manager 8.0 or 8.1 replica when RADIUS does not authenticate users.

The /opt/rsa/am/radius/sbrepsetuptool.log shows the following message:

WARNING: Failed to resolve FQDN.
Failed to initialize communications for SecurID authentication (result = 23).
Unable to find user <username> with matching password.
CauseThe replica RSA Authentication Manager server was set up before DNS was properly configured for the replica.  This causes the sbrsetup tool to fail the lookup of the replica server on the primary.

Some of these commands begin with the characters ./

To resolve the issue, follow the steps below:

  1. On the replica server that is not allowing RADIUS authentication, establish an SSH session as the operating system user.

Note that during Quick Setup another user name may have been selected. Use that user name to login.

  1. Navigate to /opt/rsa/am/server:

cd /opt/rsa/am/server

  1. Stop the RADIUS service and the RADIUS Operations Console service:

./rsaserv stop radius 
./rsaserv stop radiusoc

  1. Navigate back to the RADIUS directory.
  2. Run the sbrsetuptool to define the server as a RADIUS replica:

cd /opt/rsa/am/radius
./sbrsetuptool -identity REPLICA

  1. Navigate to /opt/rsa/am/server:

cd ../server

  1. Restart the RADIUS service and the RADIUS Operations Console service:

./rsaserv start radius
./rsaserv start radiusoc
Legacy Article IDa65370