Enable system-generated PINs for RADIUS in RSA Authentication Manager 8.x
Originally Published: 2015-12-26
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
New PIN cancelled for user
Resolution
For a RADIUS client, in addition to enabling the System-generated PIN option in the token policy, you need also manually edit the securid.ini file and change the AllowSystemPins value to AllowSystemPins = 1.
You can edit this file from Operations Console by navigating to Deployment Configuration > RADIUS Server or you can edit /opt/rsa/am/radius/securid.ini via SSH.
From the UI
- Login to the primary Authentication Manager Operations Console.
- Select Deployment Configuration > RADIUS Servers > Edit RADIUS Server.
- Click the drop down arrow on the primary Authentication Manager server and choose Manage Server Files.
- Click on the drop down arrow next to the securid.ini file and choose Edit.
- Look for AllowSystemPins = 0.
- If the line is commented out with a semicolon, remove the semicolon.
- Change the 0 to a 1.
- When done, click Save & Restart RADIUS Server. This restart allows the change to take effect.
- From the primary's Operations Console, repeat steps 1 - 8 for each replica.
From an SSH session
- Using SSH to an RSA Authentication Manager server connect to the primary RSA Authentication Manager server.
- Login to the primary server:
login as: rsaadmin Using keyboard-interactive authentication. Password: <enter operating system password> Last login: Wed Dec 18 16:39:41 2019 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am
- Navigate to /opt/rsa/am/radius/securid.ini.
- Open the securid.ini file in a text editor:
rsaadmin@am84p:/opt/rsa/am/utils> cd /opt/rsa/am/radius rsaadmin@am84p:/opt/rsa/am/radius> vi securid.ini
- Search for the text of AllowSystemPins = 0.
- Press i to enter Insert mode.
- If the line is commented out with a semicolon, remove the semicolon.
- Change the 0 to a 1.
- Press Esc then type :wq! to save changes and close the file.
- Navigate to /opt/rsa/am/server:
rsaadmin@am84p:/opt/rsa/am/utils> cd /opt/rsa/am/server
- Restart the RADIUS server for the change to take effect:
rsaadmin@am84p:/opt/rsa/am/server> ./rsaserv restart radius
- Open an SSH session to each replica and repeat steps 1 - 8.
Related Articles
Enable RADIUS debug/verbose logs with all versions of RSA Authentication Manager 8.x Number of Views How to configure an RSA Authentication Manager 8.1 server to accept a system-generated PIN when a token is in new PIN mode… Number of Views Using alphanumeric PINs with RSA SecurID Software Tokens and RSA Authentication Manager 8.x Number of Views Unable to authenticate to RADIUS server from SonicWALL RADIUS client in RSA Authentication Manager 8.x Number of Views How to recreate the node secret for RADIUS Server in RSA Authentication Manager 8.x Number of Views
Trending Articles
How a Multi-App Entitlement Collector (MAEDC) resolves entitlement relationships with accounts and groups collected by a M… RSA Governance & Lifecycle 8.0 Patch 10 Release Notes RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows User Event Monitor Messages for Cloud Access Service (20601 - 38000) Authentication context not added / Context validation failed errors authenticating with RSA Authentication MFA Agent for A…
Don't see what you're looking for?
