- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Removing a user from next tokencode mode
Is there a way to remove a user from next tokencode mode without having to get on the phone with the user?
- Tags:
- Auth Manager
- auth mgr
- Authentication
- Authentication Manager
- Authenticator
- Authenticators
- Community Thread
- Discussion
- Forum Thread
- next tokencode
- next tokencode mode
- ntc
- RSA SecurID
- RSA SecurID Access
- SecurID
- Token
- Token Auth
- Token Authentication
- Token Authenticator
- Token Authenticators
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have moved this thread to the https://community.rsa.com/community/products/securid?sr=search&searchId=47e7c052-d37b-47ea-b35e-0692ac5586e8&searchIndex=0 page so that you can get an answer to your question.
Thanks,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
There is a utility you can use from the AM server command line to reset next tokencode mode for any number of tokens you want or for all of them. However, please note that next tokencode mode is sometimes needed to re-synchronize the token when having a slight time difference from the server, so you should keep it unlesss necessary.
To use the utility you can follow the below steps:
1- Open an SSH session to the AM server.
2- Run the below commands to move to the utilities directory:
# cd /opt/rsa/am/utils/
3- To reset next tokencode mode for ALL tokens use the below command:
# ./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o <output file path> -a -n
e.g:
# ./rsautil sync-tokens -u superadmin -p "pa$$W0rd" -o /tmp/out.txt -a -n
4- To reset next tokencode mode for SOME tokens, you will first need to create a file on the AM server with all serial numbers of tokens you need to reset each in a newline as shown in the below example:
# cat /tmp/tokens
000113474499
000113474500
000113474501
Then you need to run the below command:
# ./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o <output file path> -f <path of token file> -n
e.g:
# ./rsautil sync-tokens -u superadmin -p "pa$$W0rd" -o /tmp/out.txt -f /tmp/tokens -n
Please check and let me know if this meets your requirements.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well you can fix the symptom of Next token code mode by the following:
1. Login to the Security Console > Users > Locate the user with problems > Click on the arrow beside the user to open the context menu > Authentication Settings > Check the "Clear incorrect passcodes" check box > Save. That should remove all his tokens from next token-code mode.
However this will not fix the cause of it. If its just due to typing mistakes of the token code more than once, then he should be ok on the next login. However if his token is out of sync, then he will keep failing authentication till he hits next-token code mode again. At that point you need to re-synchronise his token from the Security Console.
