000018850 - Dialback (or callback) fails with ACE/Server authentication

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000018850
Applies To: RSA ACE/Server
Microsoft Windows NT 4.0
UNIX (AIX, HP-UX, Solaris)
Authentication via ACE/Server fails when using a NAS with Dialback (or callback).
Issue: Dialback (or callback) fails with ACE/Server authentication
Cause: Normally, a NAS will cache the username and PASSCODE credentials before dialling back to the end-user. When the connection is re-made, the NAS will re-present the cached credentials for authentication. ACE/Server will reject the authentication attempt because any one PASSCODE can be used only once. Note that authentication against a password held in the ACE/Server will work.
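The rejection described under Cause, as an added illustration (not RSA code): a toy server that accepts each passcode once, and a NAS that re-presents its cached credential after dialback. The HMAC tokencode, the omission of the PIN, and all names and values are assumptions made so the example runs.

```python
import hashlib
import hmac
import struct


class ToyAuthServer:
    """Single-use passcode server. Assumed HMAC tokencode, not ACE/Server's."""

    def __init__(self, seeds, passwords, step=60):
        self.seeds = seeds          # user -> token seed (constructed)
        self.passwords = passwords  # user -> static password
        self.step = step            # seconds one tokencode is displayed
        self.used = set()           # (user, interval) pairs already consumed

    def tokencode(self, user, now):
        msg = struct.pack(">Q", now // self.step)
        digest = hmac.new(self.seeds[user], msg, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def check_passcode(self, user, passcode, now):
        if not hmac.compare_digest(passcode, self.tokencode(user, now)):
            return "rejected: wrong or expired passcode"
        key = (user, now // self.step)
        if key in self.used:
            return "rejected: passcode already used"
        self.used.add(key)
        return "accepted"

    def check_password(self, user, password):
        ok = hmac.compare_digest(password, self.passwords[user])
        return "accepted" if ok else "rejected: wrong password"


def dialback_session(server, user, credential, now, delay, one_time=True):
    """NAS authenticates the inbound call, caches the credential, dials back,
    then re-presents the cached credential `delay` seconds later."""
    def auth(t):
        if one_time:
            return server.check_passcode(user, credential, t)
        return server.check_password(user, credential)
    return auth(now), auth(now + delay)


if __name__ == "__main__":
    srv = ToyAuthServer({"alice": b"constructed-seed"}, {"alice": "static-pw"})
    t0 = 1_000_020  # constructed timestamp at the start of a 60 s interval
    code = srv.tokencode("alice", t0)
    print(dialback_session(srv, "alice", code, t0, delay=10))
    print(dialback_session(srv, "alice", "static-pw", t0, 10, one_time=False))
```

The first session shows the cached passcode failing on the dialback leg; the second shows the static password passing both times.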
Resolution: Some NASs can be reconfigured not to re-present the credentials for authentication.

An alternative (and secure) solution to this issue is to use a toll-free number. Once the authentication is successful, the end-user will gain access immediately. This is more secure since the connection is the same one that was authenticated. If dialback were made to work without reauthentication (or using cached credentials), there is no guarantee that the new connection is to the same end point as the one that had made the call previously.
Legacy Article ID: a3744
