AnsweredAssumed Answered

PAM & RSA integration - getting bad password

Question asked by dinakar_apk on Jul 5, 2018
Latest reply on Jul 5, 2018 by dinakar_apk

Hello All,

I have query regarding RSA integration with CA Privilege Access Manger 3.1.1.

 

There is a limitation that we cannot create any new user in RSA hence we are using the exisitng RSA user (which is already in use and working fine). The same user is already available in Active Directory and it works fine, when we try login to PAM with 'LDAP' option.


As per documentation, we have imported the "sdconf.rec" and "sdopts.rec" in CA PAM and created the same user in AD (Active directory) which works fine if we login using LDAP Authentication to CA PAM.

As per document, once successful login to RSA, NodeSecret will be generated automatically. As of now its empty.

 

In firewall, the port 5500 is also opened on the RSA server, for PAM to communication to RSA server.

 

After this we have tried logging in to CA PAM console using LDAP+RSA option, by entering AD password and "PIN+Token" and we are getting the error as "Error: PAM-CMN-0900: Bad User ID or Password." We also tried only "RSA" with token only, but still getting the same error.

 

I have also tried to troubleshoot on tomcat logs (catalina.out) but I dont see any RSA related information from logs. I have increase the log level to "Finest" but still unable to fine anything.


Request your help on this, Thanks in Advance..!

 

Thanks

DK

Outcomes