000025135 - Error: 'Node verification failed' in activity monitor when trying to authenticate

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025135
Applies ToRSA Authentication Agent 5.3.4 for PAM
RSA Authentication Agent 5.0 for PAM
IBM AIX 5.3
IssueError: "Node verification failed" in activity monitor when trying to authenticate
RSA Authentication Agent for PAM does not work after upgrading operating system from IBM AIX 5.1 to 5.3
CauseOperating System has been upgraded from AIX 5.1 to AIX 5.3
RSA Authentication Agent for PAM has to be upgraded to 5.3.4 in order to work on AIX 5.3 but the location of node secret is not same.
RSA Authentication Agent for PAM authentication is enabled in etc/security/users file in AIX 5.1. In AIX 5.3, a different file has to be modified to enable PAM authentication.
Resolution1. Please note the location of securid file on the IBM AIX machine after upgrading the Agent. Copy the securid file to the /var/ace/ directory. Alternatively, set the variable VAR_ACE pointing to the location of securid file ( example export VAR_ACE=/opt/ace/data).

2. Try the authentication with /pam/bin/acetest. If you still notice "node verification failure" on the log monitor do the following:

  a. Delete the securid file on AIX machine

  b. Edit the Agent host on Auth. manager and clear the node secret for the AIX machine in question

  c. Try the authentication again using/pam/bin/acetest

3. Edit etc/security/login.cfg file - comment the line as follows:

    #auth_type=STD_AUTH

Enable RSA Authentication Agent for PAM add the below line:

    auth_type=PAM_AUTH

4. Edit the /etc/pam.conf file and enable telnet, or log in as described on page 14 of the RSA Authentication Agent 5.3.4 for PAM Installation and Configuration Guide for challenging users in a group.
Legacy Article IDa30913

Attachments

    Outcomes