How to successfully authenticate users via RSA ACE/Server on UNIX when using Network Address Translation (NAT)
Originally Published: 2000-06-19
Article Number
Applies To
UNIX (AIX, HP-UX, Solaris)
Sun Solaris / SPARC
A Node verification failure will occur when a user is trying to authenticate to a client machine that has a missing key and/or the "sent node secret" box for the client is unchecked and the node secret has already been sent. The securid file (aka the node secret) is created and sent when the authentication is successful. The node secret is a string of pseudorandom data known only to the client and the ACE/Server. The securid file resides on the client machine in the ace/data directory. An important component of this file is the correct IP address of the client machine.
Issue
Users unable to authenticate
Error: "Node verification failed" in ACE/Server logs
When a user tries to authenticate to a SecurID protected resource, a node verification failure with the NAT address (Network Address Translation) appears in the ACE/Server log monitor.
Cause
The NAT address was not placed in the secondary nodes of the client.
Resolution
In an environment not using NAT, the ACE/Server administrator would simply use the administration utility to add a client machine to the database, activate a user on that machine, and then successfully authenticate to the client.
In an environment where NAT is being used, a dummy name must be given to the NAT address and placed with the IP address in the /etc/hosts file as well as the secondary nodes. Remove the securid file (if it exists) from the client's /ace/data directory and attempt to authenticate. This will create and send the correct securid file, allowing users to authenticate and node verification failures to end.
Notes
Related Articles
How to configure firewall's dynamic network address translation on multiple internal clients to an external RSA ACE/Server Number of Views Remote Administration to server through a firewall doing Network Address Translation Number of Views Errors: ?User not in database? and 'User not on Agent Host' in ACE/Server activity log when trying to authenticate via RAD… Number of Views RSA Authentication Manager has stopped authenticating users when using an evaluation license Number of Views How to install and activate RSA ACE/Server Replica on UNIX: QuickNotes Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Identity Router Security Update for Third-Party Component Vulnerabilities
Don't see what you're looking for?
