This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
TChandler
Contributor
Contributor
‎2018-11-08 12:42 PM

How do you configure RSA RADIUS to use username, password and tokencode?

Jump to solution

I would like to require that users enter their username, password and RSA token when authenticating through RADIUS. As of right now when utilizing NTRadPing only the username and RSA token are required for successful authentication.

Is there a setting somewhere to force a challenge response so that an additional authentication method is required?

0 Likes
Reply
1 Solution

Accepted Solutions
EdwardDavis
Employee
Employee
‎2018-11-08 01:03 PM

Jump to solution

Inside RSA Authentication Manager by itself, no, it is userid and token only. Any further password processing would be up to the radius device to be able to have it's own way of asking for and submitting the ldap password to the ldap store (AD).

 

If you integrate with RSA Securid Access [with the IDR 'identity router' and whatnot]...you can set up ldap password and step-up token authentication, so both password and token would be needed. But ldap password auth is not possible in just RSA Authentication Manager by itself*. 

 

*With windows agents and 'windows password integration' it appears as though RSA Authentication Manager is handling ldap passwords, but it really isn't... it is the Windows OS that handles it...RSA Authentication Manager simply can replay a previously captured password and hand it to the windows logon silently in the background, and windows logon checks the password against the domain.

View solution in original post

Reply
1 Reply
EdwardDavis
Employee
Employee
‎2018-11-08 01:03 PM

Jump to solution

Inside RSA Authentication Manager by itself, no, it is userid and token only. Any further password processing would be up to the radius device to be able to have it's own way of asking for and submitting the ldap password to the ldap store (AD).

 

If you integrate with RSA Securid Access [with the IDR 'identity router' and whatnot]...you can set up ldap password and step-up token authentication, so both password and token would be needed. But ldap password auth is not possible in just RSA Authentication Manager by itself*. 

 

*With windows agents and 'windows password integration' it appears as though RSA Authentication Manager is handling ldap passwords, but it really isn't... it is the Windows OS that handles it...RSA Authentication Manager simply can replay a previously captured password and hand it to the windows logon silently in the background, and windows logon checks the password against the domain.

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.