SecurID^® Discussions

ChrisLewis1 · ‎2017-01-18

Hi,

I am unable to log into the security console with AD accounts that have been previously added to the SuperAdmin group or any other group.

It works If I create a new user within AD and add it to the group. It doesn't work for the 10+ admins that were added to the group years ago. I've tried to remove/re-add the users and I've cleared the password cache and rebooted the appliance.

Any ideas?

Thanks in advance

ChrisLewis1 · ‎2017-01-18

I've worked it out.

The RSA password policy was set to Require periodic password changes which wasnt in line with our AD policy

View solution in original post

EdwardDavis · ‎2017-01-18

Log into security console, as an internal database superadmin.

Run reports, real time, authentication activity report and system activity report. start them both

Use a different browser, and now try to log in with one of the accounts having problems, what

shows up in the two real time monitors ?

ChrisLewis1 · ‎2017-01-18

Hi Edward,

I was actually trying this already while reading your reply.

The new account works. "Authentication method success" It uses LDAP_Password, security domain "System Domain"

The old account fails "Authentication method failed" It uses LDAP_Password, security domain "System Domain"

Nothing is displayed in the System activity report

Thanks

Chris

ChrisLewis1 · ‎2017-01-18

I've worked it out.

The RSA password policy was set to Require periodic password changes which wasnt in line with our AD policy

SecurID^® Discussions

Unable to log into the RSA security console with old admin accounts

RSA Authentication Manager

SecurID® Discussions

Unable to log into the RSA security console with old admin accounts

RSA Authentication Manager

SecurID^® Discussions