Layer7 Privileged Access Management

Expand all | Collapse all

PAM & RSA integration - getting bad password

Jump to Best Answer
  • 1.  PAM & RSA integration - getting bad password

    Posted 07-05-2018 06:30 AM

    Hello All,

    I have query regarding RSA integration with CA Privilege Access Manger 3.1.1.


    There is a limitation that we cannot create any new user in RSA hence we are using the exisitng RSA user (which is already in use and working fine). The same user is already available in Active Directory and it works fine, when we try login to PAM with 'LDAP' option.

    As per documentation, we have imported the "sdconf.rec" and "sdopts.rec" in CA PAM and created the same user in AD (Active directory) which works fine if we login using LDAP Authentication to CA PAM.

    As per document, once successful login to RSA, NodeSecret will be generated automatically. As of now its empty.


    In firewall, the port 5500 is also opened on the RSA server, for PAM to communication to RSA server.


    After this we have tried logging in to CA PAM console using LDAP+RSA option, by entering AD password and "PIN+Token" and we are getting the error as "Error: PAM-CMN-0900: Bad User ID or Password." We also tried only "RSA" with token only, but still getting the same error.


    I have also tried to troubleshoot on tomcat logs (catalina.out) but I dont see any RSA related information from logs. I have increase the log level to "Finest" but still unable to fine anything.

    Request your help on this, Thanks in Advance..!




  • 2.  Re: PAM & RSA integration - getting bad password
    Best Answer

    Posted 07-05-2018 10:02 AM

  • 3.  Re: PAM & RSA integration - getting bad password

    Posted 07-05-2018 10:47 AM

    Hi Ralf, 


    Yes its the same, raised by one of my team members. His post was not shown for long time thats why I raised another.

    I will followup on that link.


    Sorry for that.