000023302 - Windows account expiry

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023302
Applies ToAuthentication Manager 7.0
Authentication Manager 7.1
IssueUsing the Windows account expiry field
Account Expires
PASSCODE accepted
A user account which has expired in Active Directory which is an RSA Authentication Manager identity source can still authenticate and get PASSCODE accepted.
Cause

It is possible to configure Active Directory accounts to expire at the end of specific date.  This is administered in Active Directory in the Account properties tab for the user (Microsoft documentation should be used to know if this is local or UCT time).  In Authentication Manager 7.0 a user whose account had expired in Active Directory was still able to authenticate with a PASSCODE and gain network access via the RSA ACE/Agent.

This was caused by a logic issue in the RSA Authentication Manager and is expected to be corrected before the release of RSA Authentication Manager 7.1 however if it is not built into the released product then a subsequent patch will be made available.

Resolution

The problem has been resolved for RSA Authentication Manager 7.0 and administrators should install Patch_362437_7.0.4-362437 (obtainable from RSA Customer Support).

This issue will not affect RSA Authentication Manager 7.1 as the problem resolved before general release of this version.

Also:  during the creation of the Identity Source in the RSA Administrative Console the User Account Enabled State should be set to Directory.

For more information see the documentation on the DVD or online in RSA SecurCare Online:

 

RSA Authentication Manager 7.0 Release Notes

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/rel_notes/index.html

 

RSA Authentication Manager 7.0 Administrator's Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/admin.pdf

 

RSA Authentication Manager 7.0 Getting Started

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/getting_started.pdf

 

RSA Authentication Manager 7.0 for Installation Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/install.pdf

 

RSA Authentication Manager 7.0 Planning Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/70/planning.pdf

 

RSA Authentication Manager 7.1 Release Notes

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71/auth_manager_release_notes.html

 

RSA Authentication Manager 7.1 Getting Started  

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71/auth_manager_getting_started.pdf

 

RSA Authentication Manager 7.1 ISO Mounting Instructions  

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71/mount_iso.pdf

 

RSA Authentication Manager 7.1 Administrator?s Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71/auth_manager_administrator_guide.pdf

 

RSA Authentication Manager 7.1 Installation Guide  

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71/auth_manager_installation_guide.pdf

 

RSA Authentication Manager 7.1 Migration Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71/auth_manager_migration_guide.pdf

 

RSA Authentication Manager 7.1 Planning Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71/auth_manager_planning_guide.pdf

 

RSA Authentication Manager 7.1 RADIUS Reference Guide

https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71/RADIUS_Ref.pdf

 

Legacy Article IDa38184

Attachments

    Outcomes