This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
SriPrasanna
Contributor
Contributor
‎2022-01-17 11:55 AM

How can we test free radius for SET New PIN and Next Tokencode mode with AM using NTRadPING

Jump to solution

How can we test free radius for SET New PIN and Next Tokencode mode with AM using NTRadPING

Like in article for SBR we use below

https://community.rsa.com/t5/securid-access-knowledge-base/how-to-set-pins-and-navigate-next-tokencode-mode-for-rsa-securid/ta-p/7280

 

 

Reply
1 Solution

Accepted Solutions
BharathMadhiraj
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2022-01-26 05:36 AM

Jump to solution

@SriPrasanna @Marcin 

Same steps hold good for 8.6 and up with minimal changes 

Create a test RADIUS client

Unlike make/model be set - Standard RADIUS for the previous version's of AM running SBR - For AM 8.6 and up create a test RADIUS client with make/model as - FreeRADIUS

1. Login to the Security Console and navigate to RADIUS > RADIUS Client > Add New.
2. Enter information to register your local machine as a RADIUS client.
  1. Enter a client name and the IP address of your machine.
  2. set the make/model as - FreeRADIUS  -
  3. Create a RADIUS shared secret, such as 12345.  You will need to enter this secret into the NTRadPing interface, so make a note of it.
  4. Click Save & Create Associated RSA Agent.
  5. Click Save when prompted.
  6. Click Yes, Save Agent.

Free radius.jpg

 

 

 

Following differences would be noted in the RADIUS server reply :

Unlike short state values with SBR RADIUS server responses over the earlier version of AM. State values of AM 8.6 and up with FreeRADIUS are longer 

When a new fixed passcode was sent to the RADIUS server, the response we get back is an Access-Challenge, as shown here:

1.jpg

 
RADIUS Server reply: 
response: Access-Challenge
----------------------------attribute dump-----------------------------
Reply-Message=\0x0d\0x0a Enter your new PIN having from 4 to 8 ....
State=RSA|cb3c9a64-6f94-493c-82fd-233c11677c51|868a764f-bdf1-4c86-93cc-bea84f0b9c7a|SECURID_NEWPIN

2 consolidated.jpg

 

RADIUS Server reply:

response: Access-Challenge
----------------------------attribute dump-----------------------------
Reply-Message=\0x0d\0x0a Please re-enter new PIN:
State=RSA|cb3c9a64-6f94-493c-82fd-233c11677c51|7e87113d-5d51-4489-8b2c-106b9cdf74aa|SECURID_NEWPIN_CONFIRM

3 consolidated.jpg

 

 
RADIUS Server reply: 
response: Access-Challenge
----------------------------attribute dump-----------------------------
Reply-Message=\0x0d\0x0a Wait for the token code to change
Reply-Message=\0x0d\0x0a then enter the new passcode:
State=RSA|cb3c9a64-6f94-493c-82fd-233c11677c51|84789bc6-dbdd-485e-a298-2530f63eb72c|SECURID
4.jpg
 

 

View solution in original post

Reply
3 Replies
Marcin
Occasional Contributor
Occasional Contributor
‎2022-01-18 07:41 AM

Jump to solution

A tool worth recommending, old but very useful, I've been using it since 2008.

Reply
BharathMadhiraj
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2022-01-26 05:36 AM

Jump to solution

@SriPrasanna @Marcin 

Same steps hold good for 8.6 and up with minimal changes 

Create a test RADIUS client

Unlike make/model be set - Standard RADIUS for the previous version's of AM running SBR - For AM 8.6 and up create a test RADIUS client with make/model as - FreeRADIUS

1. Login to the Security Console and navigate to RADIUS > RADIUS Client > Add New.
2. Enter information to register your local machine as a RADIUS client.
  1. Enter a client name and the IP address of your machine.
  2. set the make/model as - FreeRADIUS  -
  3. Create a RADIUS shared secret, such as 12345.  You will need to enter this secret into the NTRadPing interface, so make a note of it.
  4. Click Save & Create Associated RSA Agent.
  5. Click Save when prompted.
  6. Click Yes, Save Agent.

Free radius.jpg

 

 

 

Following differences would be noted in the RADIUS server reply :

Unlike short state values with SBR RADIUS server responses over the earlier version of AM. State values of AM 8.6 and up with FreeRADIUS are longer 

When a new fixed passcode was sent to the RADIUS server, the response we get back is an Access-Challenge, as shown here:

1.jpg

 
RADIUS Server reply: 
response: Access-Challenge
----------------------------attribute dump-----------------------------
Reply-Message=\0x0d\0x0a Enter your new PIN having from 4 to 8 ....
State=RSA|cb3c9a64-6f94-493c-82fd-233c11677c51|868a764f-bdf1-4c86-93cc-bea84f0b9c7a|SECURID_NEWPIN

2 consolidated.jpg

 

RADIUS Server reply:

response: Access-Challenge
----------------------------attribute dump-----------------------------
Reply-Message=\0x0d\0x0a Please re-enter new PIN:
State=RSA|cb3c9a64-6f94-493c-82fd-233c11677c51|7e87113d-5d51-4489-8b2c-106b9cdf74aa|SECURID_NEWPIN_CONFIRM

3 consolidated.jpg

 

 
RADIUS Server reply: 
response: Access-Challenge
----------------------------attribute dump-----------------------------
Reply-Message=\0x0d\0x0a Wait for the token code to change
Reply-Message=\0x0d\0x0a then enter the new passcode:
State=RSA|cb3c9a64-6f94-493c-82fd-233c11677c51|84789bc6-dbdd-485e-a298-2530f63eb72c|SECURID
4.jpg
 

 
Reply
SriPrasanna
Contributor
Contributor
In response to BharathMadhiraj
‎2022-01-27 01:15 AM

Jump to solution

Thanks @BharathMadhiraj for your response.

I will give this a try.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.