This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
MuhammadElBassi
Beginner
Beginner
‎2017-10-31 07:44 AM

Passcode Format Error with SWIFT integration

Hi All,

 

we are trying to configure the SWIFT application to send the authentication to the RSA server running version 8.2 SP1 using RADIUS protocol, however on the real time monitor on the RSA server we are getting "Passcode Format Error"

 

Has any one faced this issue before with the SWIFT integration.

Labels (1)
Labels
0 Likes
Reply
2 Replies
EdwardDavis
Employee
Employee
‎2017-10-31 09:25 AM

Typically with radius and passcode format error, the shared secret is not correct.

 

Confirm by: doing a packet capture of the radius traffic.

 

Open in wireshark, go to preferences, radius protocol, and put in the shared secret you think should be in use,

and look at packet and the password field. If the correct shared secret is in place, the user-password field will be the passcode. If the secret is incorrect, it will be garbage (which throws passcode format errors).

 

example

On the rsa server that gets the incoming radius request…

 

log in to command line as rsaadmin

become root with

 

 

sudo su -

and rsaadmin password again

 

 

1) run tcpdump to capture the traffic and save to a pcap file

 

exmaple

 

tcpdump -i eth0 udp port 1812 -nn -s 0 -w /tmp/pcap.cap

 

here I use port 1812, it may be port 1645

 

NOTE: you could use host argument to narrow it down further if there

is a lot of radius traffic to weed through

 

tcpdump -i eth0 udp port 1812 and host ip-of-radius-client -nn -s 0 -w /tmp/pcap.cap

 

 

2) do the auth, see the error in rsa log, then ctrl-c out of tcpdump

 

3) use sftp (winscp, filezilla...putty file transfer..) to log in as rsaadmin

and to move the /tmp/pcap.cap file to a system that runs wireshark and check it out

 

 

pastedImage_1.png

0 Likes
Reply
MuhammadElBass2
Beginner
Beginner
In response to EdwardDavis
‎2017-11-16 06:20 AM

Hi Edward,

 

Thanks for the information it was helpful for us. we were able to successfully do the integration.

 

The issue was that on the SWIFT application there are two admin users LSO and RSO. Each of them will create a subset of the RADIUS shared key on the SWIFT application and on the RSA server you have to provide both subsets as 1 shared key in the RADIUS configuration.

 

The reason that we were getting the error “Passcode Format Error” is that the customer provided 1 subset only from the shared key so it was not able to decrypt the password field.

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.