[RADIATOR] Problems integrating with RSA Authentication Manager 7.1

Mike McCauley mikem at open.com.au
Mon Feb 2 17:19:21 CST 2009 

Hello Bjørn-Kåre,

On Tuesday 03 February 2009 05:16:25 am Bjørn-Kåre Flister wrote:
> Hi
>
> I am testing Radiator integration with RSA Authentication Manager 7.1
> and got some problems/errors.
>
> 1. When using Policy RSA_Password
>     RSA-server logs the following message:
>
> Access Denied: User "testUser" attempted to authenticate using
> authenticator "". The user belongs to security domain "SystemDomain"
> Reason: Missing authenticators

Probably you have not set a static password for that user in AM.

>
>
> 2: When using Policy Ondemand or Policy Security_Questions
> Radioator crash/stops with following message:
>
> DEBUG: Calling SOAP LoginCommand
> Can't call method "getNasId" on an undefined value at
> c:/perl/site/lib/Radius/AuthRSAAM.pm line 492. ...caught at
> c:\perl\bin\radiusd line 2.
>
> Tested with radpwtst -interactive
> and tested using Citrix Access Gateway standard 4.5.8
> Both tests crash the Radiator daemon/service

We havent been able to reproduce this.
Can you send the exact radpwtst command line you used to test, along with your 
Radiator configuration file (no secrets) and the Radiator log file at trace 
level 4?


>
> 3: When testing ondemand against a Citrix Access gateway standard 4.5.8
> I get two input-boxes: "Response" and "Verify Response"
> Is it Radiator asking for two inputs of the response?
> And if it is, is it possible to tunr off/Disable the "Verify Response"
> input-box+ The users will probably not accept having to write a 11-number
> digit ondemand password twice :-)

Radiator does not independently ask to verify the input, but only does that if 
AM asks for it. So it sounds like AM is asking for verification. However in 
tests of OnDemand here, AM does not ask to verify on-demand codes.

Is it possible AM is misconfigured, or is perhaps trying to verify a new 
token?

A complete trace 4 log of the conversation will help you to understand whats 
going on with AM.

Hope that helps.

Cheers.

>
>
> My setup is:
> RSA authentication Manager and Radiator installed on same server
> Windows 2003 Server R2/SP2 Enterprise Edition
> RSA Authentication Manager 7.1 with P1 (using port 1812/1813 for Radius)
> ActivePerl 5.8.8.822 (installed and configured using setting the
> environment variable PERL5LIB=) Radiator-Locked-4.3.1.exe with
> patches-4.3.1.tar.gz,  (using port 1645/11656 for Radius) configured with
> registry set:
> HKLM\SYSTEM\CurrentControlSet\Services\Radiator
> Environment REG_MULTI_SZ PERL5LIB=
>
>
> I have managed authenticate using Policy LDAP_Password
>
>
> Hope you can help me getting Radiator to play with the RSA AM 7.1
>
>
> Best Regards
> Bjorn-Kare



-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, DIAMETER etc. Full source
on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list