Before running a modify command that will affect the tokens ability to authenticate, please discuss your issue with RSA Customer Support. While editing the token offset is a way to restore authentication to tokens that are out of the acceptable token authentication window, it is possible that editing the token offset for all tokens will put tokens that are authenticating properly into into a non-functional state.
Note that during Quick Setup another user name may have been selected. Use that user name to login.
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Note that the administrator user ID and password requested must be for an administrative user in the internal database.
rsaadmin@am82p:~> cd /opt/rsa/am/utils
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil sync-tokens -I
Authenticator Bulk Synchronization Utility 8.1.1.8.0 (1380648)
Copyright (C) 1994 - 2014 EMC Corporation. All Rights Reserved.
Enter the absolute path for the output report file : /tmp/token_report.txt
Enter the base security domain name for recursive search [(none)]: <press Enter to select none>
Enter the type of token selection [ (all) | file ]: <press Enter to select all>
Choose a token filter [ assigned | unassigned | (both) ]: <press Enter to select both>
What action do you wish to perform? [ (list) | modify ]:<press Enter to select list>
Enter administrator user ID : <enter the name of a SuperAdmin user>
Enter administrative password : <enter the password for the SuperAdmin user>
Authenticator Bulk Synchronization Utility 8.1.1.8.0 (1380648)
Copyright (C) 1994 - 2014 EMC Corporation. All Rights Reserved.
rsaadmin@am82p:/opt/rsa/am/utils> cat /tmp/token_report.txt
# Token | Clock Offset |
Next Tokencode |
Last Login |
000116033640 | 0 | false | None |
000116033641 | 0 | false | None |
000116033642 | 0 | false | None |
000116033643 | 0 | false | None |
000116033644 | 0 | false | None |
000116033645 | 0 | false | None |
000116033646 | 0 | false | None |
000116033647 | 0 | false | None |
000116033648 | 0 | false | None |
000116033649 | 0 | false | None |
000116033650 | 0 | false | None |
000116033651 | 0 | false | None |
000116033652 | 0 | false | None |
If modifying the offset values is necessary, take a backup of the database before continuing. From the Operations Console select Maintenance > Backup and Restore > Back Up Now.
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil sync-tokens -I
Authenticator Bulk Synchronization Utility 8.1.1.8.0 (1380648)
Copyright (C) 1994 - 2014 EMC Corporation. All Rights Reserved.
Enter the absolute path for the output report file : /tmp/sync_token.txt
Enter the base security domain name for recursive search [(none)]: <press Enter to select none>
Enter the type of token selection [ (all) | file ]: <press Enter to select all>
Choose a token filter [ assigned | unassigned | (both) ]: <press Enter to select none>
What action do you wish to perform? [ (list) | modify ]: <type modify to select modify>
Enter type of clock offset value [ absolute | relative | (none)]: <type absolute to select absolute>
Enter clock offset value [0]: <press Enter to select 0>
Do you want to reset the Next Tokencode Mode? [ y/n ]: y
Do you want to reset the last login date and time? [ y/n ]: n
Do you want to clear user lockout information? [ y/n ]: y
Do you want to reset the shutdown date? [ y/n ]: n
Enter administrator user ID : <enter the name of a super admin user>
Enter administrative password : <enter the password for the super admin user>
Authenticator Bulk Synchronization Utility 8.1.1.8.0 (1380648)
Copyright (C) 1994 - 2014 EMC Corporation. All Rights Reserved