This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
RyotaNakaoka
Contributor Contributor
Contributor
‎2020-11-12 02:39 AM

What case "Agent IP" and "Client IP" become Authentication Manger own IP address when authenticate with RADIUS client?

Question:
What case "Agent IP" and "Client IP" become Authentication Manger own IP address when authenticate with RADIUS client?

 

Background:
A customer recorded that "Agent IP" and "Client IP" were Authentication Manger own IP address in Authentication log.
The end-user, when this case was occurred, had any error nothing like authentication failuer. So, the customer would like to know what case this is occurred.
The customer use RADIUS client,CISCO ASA , to authenticate with AM.

 

The log is that:

Log LevelDate and TimeAction IDActivity KeyDescriptionAction Result KeyResult KeyResultUser IDUser First NameUser Last NameUser Security DomainUser Identity SourceAgent TypeAgent NameAgent IPAgent Security DomainAuthentication MethodPolicy ExpressionArgument 1Argument 2Argument 3Argument 4Argument 5Argument 6Argument 7Argument 8Token Serial NumberArgument 10Instance NameClient IPv4Client IPv6Server Node IPMore ArgumentsActor GUIDSession ID
ERROR2020/xx/xx 09:44:30.00013002Principal authenticationUser “xx07343” attempted to authenticate using authenticator “OnDemand”. The user belongs to security domain “SystemDomain”FailureAUTHN_METHOD_FAILEDAuthentication method failedxx07343xxxx@test.localxxSystemDomainInternal Database7am-pri.test.local192.168.11.11SystemDomainOnDemand AUTHN_LOGIN_EVENT63    22360c2a0b31bd855954a6f55a032ab5xxxx@test.local am-pri.test.local192.168.11.11 192.168.11.11 b2751e520b31bd8571c5b198f736a14cc1128e5e0b31bd8516fe58c2ecf55b47-lrGOTdQNoSLH
ERROR2020/xx/xx 11:27:29.00013002Principal authenticationUser “xx80026” attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain”FailureAUTHN_METHOD_FAILED_SYNTAX_ERRORAuthentication method failed, passcode format errorxx980026xx980026xxSystemDomainInternal Database7am-pri.test.local192.168.11.11SystemDomainSecurID_Native AUTHN_LOGIN_EVENT63       am-pri.test.local192.168.11.11 192.168.11.11 0f4c7f8c0b31bd851f676e7988876ccd8e73e07f0b31bd8567e69c18f8ec7902-Ne2STZNsnNdl
ERROR2020/xx/xx 13:50:51.00013002Principal authenticationUser “xx91536” attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain”FailureAUTHN_METHOD_FAILED_SYNTAX_ERRORAuthentication method failed, passcode format errorxx991536xx991536xxSystemDomainInternal Database7am-pri.test.local192.168.11.11SystemDomainSecurID_Native AUTHN_LOGIN_EVENT63       am-pri.test.local192.168.11.11 192.168.11.11 0efd5a390b31bd855792980523443b21e33da23c0b31bd856fc75f2bb1df97b4-+sKMcC8Fs9rk
ERROR2020/xx/xx 08:06:13.00013002Principal authenticationUser “xx07322” attempted to authenticate using authenticator “OnDemand”. The user belongs to security domain “SystemDomain”FailureAUTHN_METHOD_FAILEDAuthentication method failedxx07322xxxx@test.localxxxxSystemDomainInternal Database7am-pri.test.local192.168.11.11SystemDomainOnDemand AUTHN_LOGIN_EVENT63    9e65a5320b31bd853607a68f36c02375xxxx@test.local am-pri.test.local192.168.11.11 192.168.11.11 9de1b0b10b31bd8512c067105bf20672056e6f2e0b31bd85568b22899c6450ba-884RKO5K/JPX
ERROR2020/xx/xx 15:25:11.00013002Principal authenticationUser “xx04154” attempted to authenticate using authenticator “OnDemand”. The user belongs to security domain “SystemDomain”FailureAUTHN_METHOD_FAILEDAuthentication method failedxx04154xxxx@test.localxxxxSystemDomainInternal Database7am-pri.test.local192.168.11.11SystemDomainOnDemand AUTHN_LOGIN_EVENT63    928a7e610b31bd857f37aaf8cd3a1b88xxxx@test.local am-pri.test.local192.168.11.11 192.168.11.11 e163c8aa0b31bd857a16f80012521da64c43f8540b31bd857b2eeaf92c39b86a-GyDfHjKL7veO

 

 

 

 

Then, this was recorded in radius log on that time.

/opt/rsa/am/server/logs/RADIUS/YYYYMMDD.log
xx/xx/2020 15:25:11 Unable to find user xx04154 with matching password
xx/xx/2020 15:25:11 Sent reject response

 

I understand that this error will be occurred when a user mistake to enter Passcode or invalid Secret key on RADIUS Client which is CISCO ASA in this case. But the user did not have any error. In addition,  I think that  "Agent IP" and "Client IP" ar does not become Authentication Manger own IP even though those case are occurred.

 

Ref:
000028896 - Troubleshooting RSA Authentication ... | RSA Link
https://community.rsa.com/docs/DOC-46250

 

Labels (1)
0 Likes
Reply
1 Reply
RyotaNakaoka
Contributor Contributor
Contributor
‎2020-11-15 08:08 PM

This is an additional information,  CheckUserAllowedByClient is set 1 in securid.ini.

 

 /opt/rsa/am/radius/securid.ini
; SecurID General options
[Configuration]
Enable = 1
CheckUserAllowedByClient = 1
;DefaultProfile = DEFAULT
;AllowSystemPins = 0
0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.