
acfreema (Customer) asked a question.
I am preparing a deployment without any access to any physical tokens, and the test authentication works with a fixed passcode, but actual authentication fails. When non-test authentication fails, there is nothing in the authentication monitor, and nothing in tcpdump on the authentication manager.
My installation is just an authentication manager (version 8.7), and authentication agent 7.4.5, both located in the same subnet (an always offline DMZ).
I just used tcpdump to see traffic with the system I'm trying to use for authentication, and the only traffic I see when trying to log in with the PIN I created is three UDP packets sent from the authentication agent system (see attached jpeg). About 9 minutes later, another, larger packet is sent.
A couple of weeks ago, authentication _did_ work, but domain controller communication with the DMZ was broken for a day. Roughly since communication was restored, the only authentication that works is the test. Any ideas?
@acfreema (Customer), can you confirm that the Authentication Manager services are running on your primary and replica(s)? See https://community.rsa.com/s/article/How-to-stop-start-and-restart-RSA-Authentication-Manager-8-x-services-at-the-command-line.
It might be your challenge setting.
Test Auth sends the request to your AM server, based on your sdconf.rec for UDP-based agents or your .properties files with REST-based agents. But 'real' authentication is based on challenge, and with UDP agent the default should be challenge no-one - which is safest when setting up.
So it sounds like your authentication request went to AD or Windows or local Linux because the user or all users are not challenged. That is why nothing shows in the AM real time monitor, because nothing went there.
Check AD logs, and check challenge settings.
Jay, that was the most useful assistance, because it was the right answer, just not in the way it looks.
I spoke with a nice guy in RSA's Philippine office late on Friday, and while we were going through several verifications of settings, the problem was "solved".
This is really a face-palm situation. I had RSA set to not challenge administrators, and the account I was using for testing had become an administrator when the domain controller came back after someone fixed whatever they had broken. Thanks Active Directory!
Glad to hear you figured it all out. Thanks for the feedback.