000033237 - Replica fail over is not working on PAM agent version v7.1.0.149.01 for RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033237
Applies To
RSA Product Set: SecureID 
   RSA Version/Condition: PAM agent 
   Platform: linux
   O/S Version: 7.1.0.149.01
Issue
  • Expected behavior: When the primary unavailable, the replica server should authenticate the user request.
  • Actual behavior: The authentication request fails, the auth request is not sent over to the replica server, the user prompted for password vs passcode, and authentication fails although sdopts.rec is configured properly
Steps to reproduce the issue:
  1. Stop the services on the primary server
    on AM 8.1
    /opt/rsa/am/server/rsaserv stop all
    on AM 7.1
    /RSA_AM_HOME/server/rsaam stop all

  2. Try to authenticate from acetest
    [root@DPMJP 64bit]# ./acetest 
    Cannot communicate with the ACE/Server.

CauseReplica fail over is not working properly on this PAM agent version, reference AAPAM-504 and AAPAM-507
ResolutionUninstall this old version and install the latest one v7.1.0.1.25 or , download link below:
https://www.rsa.com/en-us/products-services/identity-access-management/securid/authentication-agents/authentication-agents-for-pam
 

Attachments

    Outcomes