Article Number
000012230
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.0, 8.1
Issue
This article explains how to fix the RADIUS configuration on an RSA Authentication Manager 8.0 or 8.1 replica when RADIUS does not authenticate users.
The /opt/rsa/am/radius/sbrepsetuptool.log shows the following message:
WARNING: Failed to resolve FQDN.
Failed to initialize communications for SecurID authentication (result = 23).
Unable to find user <username> with matching password.
Cause
The replica RSA Authentication Manager server was set up before DNS was properly configured for the replica. This causes the sbrsetup tool to fail the lookup of the replica server on the primary.
Resolution
Some of these commands begin with the characters ./
To resolve the issue, follow the steps below:
- On the replica server that is not allowing RADIUS authentication, establish an SSH session as the operating system user.
Note that during Quick Setup another user name may have been selected. Use that user name to login.
- Navigate to /opt/rsa/am/server:
cd /opt/rsa/am/server
- Stop the RADIUS service and the RADIUS Operations Console service:
./rsaserv stop radius
./rsaserv stop radiusoc
- Navigate back to the RADIUS directory.
- Run the sbrsetuptool to define the server as a RADIUS replica:
cd /opt/rsa/am/radius
./sbrsetuptool -identity REPLICA
- Navigate to /opt/rsa/am/server:
cd ../server
- Restart the RADIUS service and the RADIUS Operations Console service:
./rsaserv start radius
./rsaserv start radiusoc
