RSA SecurID soft token not importing to BB Z10

Similar Messages

• RSA SecurID Software Token for Nokia

  Hi
  C7-00 is on the symbian^3 platform, which is the same as N8 & E7. While SecurID Software Token for nokia is qualified for N8 & E7, why is it not qualified for C7?
  They are all on the same platform (Symbian^3) !!
  When can it be qualified?

  Hi Webabc123,
  I would recommend to use SMS PASSCODE with Cisco AnyConnect. SMS PASSCODE Works with traditional IPSEC VPN, the SSL VPN and Cisco AnyConnect. You can see an example here: http://player.vimeo.com/video/100710625
  SMS PASSCODE can make traditional MFA and provide a session specific token, that cannot be used outside the session. Further more is SMS PASSCODE offering geo fencing.
  SMS PASSCODE can deliver the token by ordinary sms, flash sms, app based text message, voice call back, yubico token, OATH hardware token, soft token like Google authenticator or Microsoft authenticator.
  You can have a mixed environment with SMS PASSCODE and RSA tokens.
  The administration of a policy driven system like SMS PASSCODE will provide a huge cost saving compared to administer a hardware token solution. 

• Soft returns not importing

  Hi. I recently impoterd a Frame 7.1 Chapter into RoboHelp
  HTML 8.0 and everything worked okay with the exception of soft
  returns. For some reason it didn't import these and I was left with
  large strings of test which I had to fix by hand. Any ideas? Thanks
  in advance

  As far as I can tell, this isn't a new bug in as much as InDesign CS3, CS4, CS5 and CS5.5 (Mac) all exhibit the same problem exporting soft-returns in Unicode encoded Tagged Text where they are replaced with hard returns on import. Unfortunately it appears that we may be the only ones that care and thus it's unlikely that Adobe will fix it (unless someone adopts it as a JDI bug).
  Update: after testing some more it appears this is an export bug for Mac OS-only. In other words, if you use a PC to export a story that contains soft-returns to Tagged Text (Unicode), the soft-returns are preserved when placing into a document using a Mac. And vice-versa, using a Mac to export a story with soft-returns to Tagged Text (Unicode) and then placing this into a document using a PC exhibits the same substitition of soft-returns for hard-returns.
  Message was edited by: Caleb Clauset

• Integration of Cisco ACS SE 4.2 and RSA SecurID Token Server

  Hi,
  I would be very appreciated if anyone can share their experience. Thanks in advance.
  Issue:
  I am trying to configure the ACE SE 4.2 to authenticate using RSA SecurID Token Server.
  Problems encountered:
  Authentication failed. In the failed logged attempt the error "External Database not operational" was next to the login name.
  In the auth.log, there was "External DB [SecurID.dll]: aceclnt.dll callback returned error [23]".
  Questions:
  1. Please kindly advise how I should resolve this problem.
  2. Also, is there any successful message once ACS get the sdconf.rec? Will the "Purge Node Secret" button be enabled?
  Troubleshooting steps I have done:
  Below is the steps I took to setup the external DB.
  1. Verified sdconf.rec is not a garbage file using the Test authentication function in RSA client.
  2. FTP sdconf.rec in the external database configuration. (Had used Wireshark and confirm file transfered successfully.)
  2. Defined unknown user policy to check RSA SecurID Token Server to authenticate.
  Thank you.

  I have NO experience with ACS SE 4.2 and
  RSA SecurID Token Server BUT I have
  experiences with Cisco ACS 4.1 running on
  Windows 2003 SP2 Enterprise Edition and
  RSA SecurID Token Server.
  All the troubleshoot you've done is correct.
  In Windows 2003 running Cisco ACS, you can
  install the test authentication RSA client
  and that you can verify that the setup
  is correct (by verifying that the sdconf.rec
  is not corrupted).
  One thing I can think of is that when you
  setup the ACS SE box, under external
  database, configure unknown user policy,
  did you check it to tell how to define users
  when they are not found in the ACS internal
  database. Did you select RSA SecurID token
  server?
  Other than that, from what I understand,
  you've done everything correctly.

• Web server will not start due to RSA Securid errors

  We have an iPlanet 4.1 Service Pack 14 web server that was running fine until last friday. When we go to start the server we get the following error:
  Status:
  [https-ivpnas]: start failed. (2: unknown early startup error)
  [https-ivpnas]: conf_init: Error running init function securidinit: unknown error
  [https-ivpnas]: server exit: status 1
  Error
  An error occurred during startup.
  The server https-ivpnas was not started.
  The error log also contains this additional error:
  [27/Sep/2004:10:06:57] info ( 4164): successful server startup
  [27/Sep/2004:10:06:57] info ( 4164): iPlanet-WebServer-Enterprise/4.1SP14 BB1-01/15/2004 13:04
  [27/Sep/2004:10:06:58] catastrophe ( 4164): securidauth reports: InitAceClient returned FALSE
  This website uses RSA Securid for authentication. We have contacted RSA and they think it is a webserver problem. Any insight anyone can provide would be great. Thanks!

  The error message is generated by the RSA plugin, not Web Server. RSA should be able to help diagnose the problem further.

• ISE Not Authenticating Against RSA SecurID

  In the process of integrating ISE 1.2 into our environment with the eventual intent to replace ACS 5.x and having a challenge adding an RSA SecurID server as an external identity source.
  In ACS, we would create an internal user but configure the password to be handled externally and uses PAP or whatever to communicate with RSA.
  I don't see this option in ISE, only to use the RSA SecurID as a direct Identity Source, the problem is that if I try to authenticate to ISE using a device such as an iPhone, which is using MS-CHAPv2 by default, it produces an error in the authentication logs that the device is using a protocol not supported by the identity source.
  So what is the proper way to configure ISE to allow users to authenticate with a one-time-password against RSA SecurID?

  check the following link for Integrating Cisco ISE with RSA SecurID Server
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1080334

• Since I upgraded to Lion, my RSA securid token and Cisco VPN client doesn't work any longer. Anyone have suggestions on how to fix that?

  Since upgrading to Lion, I can no longer use VPN because my RSA securid token and CIsco VPN Client won't load. Any suggestioins out there?

  .

• External Identity Sources, binding RSA securID to ISE

  Hi all,
  Say, my topology was using ISE doing VPN inline posture, and bind RSA securID (version 7.1) as external Identity Sources.
  During  the deployment, in order to let my iPEP node join the Policy Service  Node, for the certificate i using the third party CA server (Window  server 2008 R2) as the root CA, both of these 2 ISE were mutual  authenticated and done.
  My question. as i using  RSA secureID as external identity sources, native behaviour, Will the  ISE trust RSA with no identity certificate signed by the identitical  root CA?
  Should i enroll this RSA appliance issue the CSR to CA server to sign and in the PKI environment? Is there a need for this?
  Thanks
  Noel

  Noel,
  From my experience when integrating with the RSA token server you need the sdconf.rec file exported from the RSA and you import that into the ISE configuration. You then select this identity store with your authentication policies for vpn users. There isnt a need for any certificates when integrating with a token server (that was the last time I checked) and even if there would just need to trust each other's certficats.
  I hope that helps!
  Sent from Cisco Technical Support iPad App

• RSA SecurID and Cisco ACS integration for user(s) with enable mode

  I thought I had this problem figured out but I guess not.
  I have a Cisco 2621 router with IOS 12.2(15)T17. Behind the
  router is a Gentoo linux, RSA SecurID 6.1 and Cisco ACS 3.2.
  I use tacacs+ authentication for logging into the Cisco router
  such as telnet and ssh. In the ACS I use "external user databases"
  for authentication which proxy the request from the ACS over
  to the RSA SecurID Server. I installed RSA Agents with
  sdconf.rec file on the Cisco ACS server. I renamed "user group 1"
  to be "RSA_SecurID" group. In the "External user databases" and
  "database configurations" I assign SecurID to this "RSA_SecurID"
  group.
  Everything is working fine. In the "User Setup" I can see dynamic
  user test1, test2,...testn listed in there as "dynamic users". In
  other words, I can telnet into the router with my two-factor
  SecurID.
  The problem is that if test1 wants to go into "enable" mode with
  SecurID login, I have to go into "test1" user setting and select
  "TACACS+Enable Password" and choose "Use external database password".
  After that, test1 can go into enable mode with his/her SecurID
  credential.
  Well, this works fine if I have a few users. The problem is that
  I have about 100 users that I need to do this. The solution is
  clearly not scalable. Is there a setting from group level that
  I can do this?
  Any ACS "experts" want to help me out here? Thanks.

  That is not what I want. I want user "test1" to be able to do this:
  C
  Username: test1
  Enter PASSCODE:
  C2960>en
  Enter PASSCODE:
  C2960#
  In other words, test1 user has to type in his/her RSA token password to get
  into exec mode. After that, he/she has to use the RSA token password to
  get into enable mode. Each user can get into "enable" mode with his/her
  RSA token mode.
  The way you descripbed, it seemed like anyone in this group can go directly
  into enable mode without password. This is not what I have in mind.
  Any other ideas? Thanks.

• ISE Authentication Policy for RSA Securid and LDAP for VPN

  We are working on replacing our existing ACS server with ISE.  We have 2 groups of users, customers and employees.  The employee's utilize RSA securid for authentication while the customers use Window authentication.  We have integrated the AD into ISE using LDAP and this has been tested.  We are now working on trying to get the rsa portion to work.  We are wanting to utilize the authorization policy to assign the group-policy/IP for both clients via the LDAP user attributes.
  Here is my question:
  Under the authentication policy should we look @ an identity store that has RSA securid users, LDAP users and then internal users.  I assume if the user isn't present in the RSA store it will then look @ the LDAP, will this present an issue with overhead in our RSA environment.  With the legacy ACS the descsion on where to authenticate the user was done on the ACS, either Windows or RSA.  The employee users will still also be present in the LDAP so we can utilize the attributes for IP address/group policy.  The number of customer vpn's is several times larger than employees and I am afraid that if we have to query the securid servers for every authentication vpn authentication attempt this could cause issues.  Our utilimate goal is to move to any connect and utilize a single url for all authentication but allow ise to instruct the asa what attributes to hand to the client such as dns/Dacl. 
  Thanks,
  Joe

  That is not what I want. I want user "test1" to be able to do this:
  C
  Username: test1
  Enter PASSCODE:
  C2960>en
  Enter PASSCODE:
  C2960#
  In other words, test1 user has to type in his/her RSA token password to get
  into exec mode. After that, he/she has to use the RSA token password to
  get into enable mode. Each user can get into "enable" mode with his/her
  RSA token mode.
  The way you descripbed, it seemed like anyone in this group can go directly
  into enable mode without password. This is not what I have in mind.
  Any other ideas? Thanks.

• Does Remote Desktop Services Gateway Support RSA SecurID without TMG or ISA?

  We would like to roll out a single server RDS Gateway in our DMZ that can allow users to work from home and access their primary Windows 7 physical box workstation in the office.
  Instead of purchasing laptops for everyone who only occasionally needs to work from remotely, we would like some of the users to be able to use their home PCs and not need to install any VPN or other software on their computers.
  We already have RSA SecurIDs used for VPN clients, and I wanted to know if there is a way to use these existing tokens for second factor authentication instead of having to purchase an additional product such as Duo Security or AuthAnvil.
  If will be much easier to use something we know and probably much more economical to use the SecurID tokens that are already paid for plus add a few more if needed.
  We do not have TMG or ISA and when I do a web search for RSA tokens with RDS Gateway, most of the results are talking about using TMG to make it work.

  Hi,
  Thank you for posting in Windows Server Forum.
  Sorry to say but as per my research generally RSA SecurID use TMG or ISA without that it will not function correctly. You can follow article for useful information.
  RD Gateway deployment in a perimeter network & Firewall rules
  http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• ACS appliance -- AD -- RSA Securid Server

  I have Cisco ACS appliance running version 3.3.2.2 and Windows Active Directory on Win2000 Advanced Server and RSA v5.2. I already installed successfully the remote agent in Active directory.
  Authentication using EAP-FAST from my wireless client going to ACS to AD is successful.
  But when authenticating going to RSA failed. I can't find logs that my ACS is communicating successfully with RSA.
  Here's more info:
  In Active Directory, remote agent for ACS installed succesfully. Agent for RSA is also installed succesfully.
  In ACS appliance, remote agent was already pointed to AD.
  No RSA SecurID Token Server found in my External User Database Configuration list. I think this is the problem.
  How can I manage to configure RSA SecurID Token Server in my ACS appliance?

  Hello,
  The configuration guideline for the ACS is described in "Configuring CiscoSecure ACS for Windows NT with ACE Server Authentication" at
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080094650.shtml
  I had this up and running with a customer. There was no AD involved though, so it is not entirely your case and there might be other obstacles on the way.
  ACS with ACE however works, though there were some nasty problems to be solved on the way to success.
  One thing to point out straight away also mentioned in the document mabove:
  Challenge Handshake Authentication Protocol (CHAP) cannot be used with the ACE tokens alone because of the requirement CHAP RFC (1994) that states:
  CHAP requires that the secret be available in plaintext form. Irreversibly encrypted password databases commonly available cannot be used.
  This precludes use of the ACE tokens for straight CHAP unless there is a separate CHAP password. For instance:
  username: xxxx
  password: xxxx
  Password Authentication Protocol (PAP) is a better choice here.
  This means the user has to enter "username*token" - the customer finally wrote a Java applet to construct the propper combination out of different clearly named input fields to simplify the input for unexperienced users.
  Hope this helps! Please rate all posts.
  Regards, Martin

• RSA SecurID no longer available on Nokia N8 Belle

  Just upgraded my Nokia N8 and was shocked to see that RSA SecurID is no longer available
  I wonder how can such an important business app can be missed ! Lucky for me I have an Andriod Tab, but other N8 users beware.
  Solved!
  Go to Solution.

  Ok, I was able to download the software using the Nokia web browser from http://www.rsa.com/nokia101 however our IT team was unable to set-it up. We then downloaded the Java client from  www.rsa.com/jme and it worked fine.

• AAA Authorization with RADIUS and RSA SecurID Authentication Manager

  Hi there.
  I am in the process of implementing a new RSA SecurID deployment, and unfortunately the bulk of the IOS devices here do not support native SecurID (SDI) protocol. With the older RSA SecurID deployment version, it supported TACACS running on the system, now in 8.x it does not.  Myself, along with RSA Support, are having problems getting TACACS working correctly with the new RSA Deployment, so the idea turned to possibly just using RADIUS
  I have setup the RADIUS server-host, and configured the AAA authentication and authorization commands as follows:
  #aaa new-model
  #radius-server host 1.1.1.1 timeout 10 retransmit 3 key cisco123!
  #aaa authentication login default group radius enable
  #aaa authorization exec default group radius local
  I have also tried
  #aaa authorization exec default group radius if-authenticated local
  I can successfully authenticate via SSH to User Mode using my SecurID passcode -- however, when I go to enter Priv Exec mode, it wont take the SecurID passcode - I just get an "access denied"
  I've ran tcpdump on the RSA Primary Instance, looking for 1645/1646 traffic, and I dont get anything
  I've turned on RADIUS debugging on the IOS device, and I dont get anything either
  I did see this disclaimer in a Cisco doc: "The RADIUS method does not work on a per-username basis."  -- not sure if this is related to my issue?
  I'm beginning to wonder if IOS/AAA cant pass authorization-exec process to RSA SecurID

  I don't have a solution, but can confirm I have the same problem and am also trying to find a solution.
  I see no data sent to the RSA server when using the wireless AP. With other equipment on the same ACS, I do see the attempts going to the RSA server.
  The first reply doesn't seem to apply to me, since it's not sending a request from the ACS machine to the RSA machine.

• RSA SecurID authentication and privilege level

  Hello,
  I'm new working with Cisco ACS, learning by seat of pants; most of the documentation on Cisco's website is fairly cryptic and does not use many pictures. Therefore,I would appreciate some help setting up privileges. We have ACS v5.2 which I have set up using RSA SecurID and appears to be working correctly. However, I'm having problems with the privilege level when I access a router it lands me in user mode. I'm trying to set up a administrator group for the routers and switches to have each member dropped in privilege level 15, exec mode but I'm having difficulty doing this.
  Unfortunately, I'm unable to find any real useful information in reference to setting up RSA SecurID. It seems more of the information is geared around radius servers. Any help would be greatly appreciated. Thank you much!

  Hello.
  Remember AAA means authentication, authorization and accounting. In your case you authenticate with RSA , but you authorize with ACS policies. For TACACS+ and traditional IOS from routers and switches you can use a ACS policy element called "shell profile" which you can use to specify some attributes like privilege level. Then you can use the "shell profile" to create an authorization policy.
  I'm attaching some screenshots. In this example I'm using AD instead of RSA because I don't have a RSA available. Please rate if it helps.