This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Announcements
SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
- RSA Community
- :
- Products
- :
- SecurID
- :
- Knowledge Base
- :
- Identity source communications check for RSA Authentication Manager 8.3 or later
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Identity source communications check for RSA Authentication Manager 8.3 or later
Article Number
000039112
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 or later
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 or later
Issue
This article explains how to check for the presence of LDAP or LDAPS ports that RSA Authentication Manager uses in an identity source configuration. Default ports are 389/TCP or 636/TCP. A Linux shell script is attached with which the task can be performed.
Resolution
The attached Linux shell script must be run with root privileges and requires the Operations Console username and password to access the data. The script uses the host names and ports that are obtained from the Directory URL/Directory Failover URL values from the Operations Console. It checks for the presence of the LDAP or LDAPS ports that are used in the identity source configuration.
Option 2 uses the RSA Authentication Manager LDAP slot data to perform a hostname and IP address lookup using DNS. It then checks for the presence of the LDAP or LDAPS ports. For example:
Option 3 uses the RSA Authentication Manager LDAP slot data to perform a hostname and IP address lookup using DNS. It then checks for the presence of the LDAP and LDAPS ports and generates a report. For example:
Installation
- Download and copy the attached is_commcheck.sh shell script into the /tmp folder on an RSA Authentication Manager instance in the deployment.
- Review the following article on how to enable Secure Shell on the Appliance, if needed. Where SSH has been enabled, a secure FTP client, such as WinSCP can be used to copy the shell script into the /tmp folder.
- Change the permissions of the is_commcheck.sh so it can be run at the command line:
chmod 755 /tmp/is_commcheck.sh
Usage
- Log in to the RSA Authentication Manager instance with the rsaadmin account, either in an SSH session or at the local console.
During Quick Setup, another username may have been selected. Use that username to log in.
- Change the privileges of the rsaadmin account:
sudo su -
If you do not change the privileges of the rsaadmin account, the following message appears:
You must be the root user to use this program; exiting...- Go to /tmp:
cd /tmp- The shell script can be run in one of two ways, as Operations Console user credentials are required. In the first example, the Operations Console administrator password will be displayed in clear text, while in the second option it is masked.
-
Option 1
cd /tmp
./is_commcheck.sh <Operations Console administrator name> <Operations Console administrator password>
Checking OC credentials...
OC credentials validated... redirecting to menu...-
Option 2
cd /tmp
./commcheck.sh
Checking OC credentials....missing OC credentials!
Please enter OC Administrator username: <Operations Console administrator name>
Please enter OC Administrator password: <Operations Console administrator password>
OC credentials validated... redirecting to menu...
- The shell script menu displays:
RSA Customer Support (Asia Pacific)
RSA AM LDAP/LDAPS Communications Check Program
1) Display AM LDAP Slot Data
2) Perform Identity Source Communications Check
3) Generate a Report on Identity Source Communications
9) Exit
Please select an option
Option 1: Display AM LDAP Slot Data
Option 1 extracts the RSA Authentication Manager LDAP slot names from the database. For example:
RSA Customer Support (Asia Pacific)
RSA AM LDAP/LDAPS Communications Check Program
1) Display AM LDAP Slot Data
2) Perform Identity Source Communications Check
3) Generate a Report on Identity Source Communications
9) Exit
Please select an option
1
- retrieving LDAP Slot Data..
- AM LDAP slot name: ims.ldap-slots.0-global.primary-url
-- Value: ldaps://192.168.31.35:636
- AM LDAP slot name: ims.ldap-slots.2-global.secondary-url
-- Value: ""
- AM LDAP slot name: ims.ldap-slots.3-global.primary-url
-- Value: ldap://harley.csau.ap.rsa.net
- AM LDAP slot name: ims.ldap-slots.3-global.secondary-url
-- Value: ""
- AM LDAP slot name: ims.ldap-slots.0-global.secondary-url
-- Value: ldap://192.168.31.20:389
- AM LDAP slot name: ims.ldap-slots.2-global.primary-url
-- Value: ldap://harley.csau.ap.rsa.net:3268
- AM LDAP slot name: ims.ldap-slots.1-global.primary-url
-- Value: ldap://192.168.31.26:389
- AM LDAP slot name: ims.ldap-slots.1-global.secondary-url
-- Value: ""
- done!
NOTE: no checks are performed where the returned Value for the LDAP slot name is ""
Press any key to continue...
Option 2: Perform Identity Source Communications Check
Option 2 uses the RSA Authentication Manager LDAP slot data to perform a hostname and IP address lookup using DNS. It then checks for the presence of the LDAP or LDAPS ports. For example:
RSA Customer Support (Asia Pacific)
RSA AM LDAP/LDAPS Communications Check Program
1) Display AM LDAP Slot Data
2) Perform Identity Source Communications Check
3) Generate a Report on Identity Source Communications
9) Exit
Please select an option
2
LDAP/LDAPS Communication Checks
-------------------------------
- reporting on Directory URLs and Directory Failover URLs with values
Performing Name Resolution on 192.168.31.35
Server: 192.68.31.20
Address: 192.68.31.20#53
35.31.168.192.in-addr.arpa name = harley.csau.ap.rsa.net.
Checking ports 389/tcp & 636/tcp on 192.168.31.35
- 192.168.31.35 on port 389/tcp success
- 192.168.31.35 on port 636/tcp success
Performing Name Resolution on harley.csau.ap.rsa.net
Server: 192.168.31.20
Address: 192.168.31.20#53
Name: harley.csau.ap.rsa.net
Address: 192.168.31.35
Performing Name Resolution on 192.168.31.20
Server: 192.168.31.20
Address: 192.168.31.20#53
20.31.168.192.in-addr.arpa name = dynaglide.csau.ap.rsa.net.
Checking ports 389/tcp & 636/tcp on 192.168.31.20
- 192.168.31.20 on port 389/tcp success
- 192.168.31.20 on port 636/tcp success
Performing Name Resolution on harley.csau.ap.rsa.net
Server: 192.168.31.20
Address: 192.168.31.20#53
Name: harley.csau.ap.rsa.net
Address: 192.168.31.35
Checking port 3268 on harley.csau.ap.rsa.net
- harley.csau.ap.rsa.net on port 3268/tcp success
Performing Name Resolution on 192.168.31.26
Server: 192.168.31.20
Address: 192.168.31.20#53
26.31.168.192.in-addr.arpa name = svcs-amprimekit.csau.ap.rsa.net.
26.31.168.192.in-addr.arpa name = selfserv-portal.csau.ap.rsa.net.
Checking ports 389/tcp & 636/tcp on 192.168.31.26
- 192.168.31.26 on port 389/tcp success
- 192.168.31.26 on port 636/tcp FAILED
Done!
Press any key to continue...
Option 3: Generate a Report on Identity Source Communications
Option 3 uses the RSA Authentication Manager LDAP slot data to perform a hostname and IP address lookup using DNS. It then checks for the presence of the LDAP and LDAPS ports and generates a report. For example:
RSA Customer Support (Asia Pacific)
RSA AM LDAP/LDAPS Communications Check Program
1) Display AM LDAP Slot Data
2) Perform Identity Source Communications Check
3) Generate a Report on Identity Source Communications
9) Exit
Please select an option
3
- generating report: /tmp/iscommcheck_202007121612.log
- done!
Press any key to continue...
am84p:/tmp # cat /tmp/iscommcheck_202007121612.log
RSA Customer Support (Asia Pacific) (1621-12072020)
LDAP/LDAPS Communication Check Report
-------------------------------------
- reporting on Directory URLs and Directory Failover URLs with values
Performing Name Resolution on 192.168.31.35
Server: 192.168.31.20
Address: 192.168.31.20#53
35.31.168.192.in-addr.arpa name = harley.csau.ap.rsa.net.
Checking ports 389/tcp & 636/tcp on 192.168.31.35
- 192.168.31.35 on port 389/tcp success
- 192.168.31.35 on port 636/tcp success
Performing Name Resolution on harley.csau.ap.rsa.net
Server: 192.168.31.20
Address: 192.168.31.20#53
Name: harley.csau.ap.rsa.net
Address: 192.168.31.35
Performing Name Resolution on 192.168.31.20
Server: 192.168.31.20
Address: 192.168.31.20#53
20.31.168.192.in-addr.arpa name = dynaglide.csau.ap.rsa.net.
Checking ports 389/tcp & 636/tcp on 192.168.31.20
- 192.168.31.20 on port 389/tcp success
- 192.168.31.20 on port 636/tcp success
Performing Name Resolution on harley.csau.ap.rsa.net
Server: 192.168.31.20
Address: 192.168.31.20#53
Name: harley.csau.ap.rsa.net
Address: 192.168.31.35
Checking port 3268 on harley.csau.ap.rsa.net
- harley.csau.ap.rsa.net on port 3268/tcp success
Performing Name Resolution on 192.168.31.26
Server: 192.168.31.20
Address: 192.168.31.20#53
26.31.168.192.in-addr.arpa name = selfserv-portal.csau.ap.rsa.net.
26.31.168.192.in-addr.arpa name = svcs-amprimekit.csau.ap.rsa.net.
Checking ports 389/tcp & 636/tcp on 192.168.31.26
- 192.168.31.26 on port 389/tcp success
- 192.168.31.26 on port 636/tcp FAILED
** end of report **
am84p:/tmp #Tags (41)
- 8
- 8.3
- 8.3.x
- 8.4
- 8.4.x
- 8.x
- Access
- AM
- Appliance
- Auth Manager
- Authentication Manager
- Customer Support Article
- Helpful Hints
- How To
- Informational
- Instructions
- KB Article
- Knowledge Article
- Knowledge Base
- Process Steps
- RSA AM
- RSA Auth Manager
- RSA Authentication Manager
- RSA SecurID
- RSA SecurID Access
- RSA SecurID Suite
- SecurID
- SecurID Access
- SecurID Appliance
- SecurID Suite
- Tip & Tricks
- Tips and Tricks
- Tutorial
- Version 8
- Version 8.3
- Version 8.3.x
- Version 8.4
- Version 8.4.x
- Version 8.x
- Walk Through
- Walkthrough
No ratings
