RSA configuration.docx
- Document ID: 8152639
- Uploaded: 2023-01-29
- Format: DOCX
- Pages: 14
- Size: 2.19MB
RSA configuration
Part Ⅰ RSA 7.1 + ACS 4.0 + GTC authentication
In my environment, RSA manager 7.0 is installed on computer A, Cisco ACS 4.0 is installed on computer B, and the DC is computer C.
On computer A, where RSA manager is installed
1. Create a new user.
2. Add an agent (computer B).
3. Add a RADIUS client (Cisco AP).
4. Import the token file.
5. Assign the token ID to the user.
6. Generate the configuration file for agent installation; it will be used for the Authentication Agent 6.1 installation.
7. Download the server certificate.
On computer B, where ACS is installed
1. Install the certificate generated in RSA.
2. Install Authentication Agent 6.1; the configuration file (see step 6) needs to be specified.
After the installation finishes, the aceclnt.dll file should be generated in the c:/windows/system32 folder.
Note:
The ACS setting is based on a wireless environment; RADIUS configuration should be finished. The following steps are ONLY for RSA.
3. In ACS 4.0, click “External User Database” -> “database configuration” -> “RSA SecurID Token Server” -> “create new configuration” -> “submit”. As in the following picture, the aceclnt.dll file will be used.
4. In ACS, create one new user whose name is the same as the one in RSA, and select “RSA SecurID Token Server”. There is no need to specify a password; it will be generated automatically.
5. In “external user database” -> “unknown user policy”, add RSA SecurID Token Server to “selected database”.
6. Run Authentication Agent 6.1 -> authentication test.
Use the username and passcode (generated in KEY) to test whether authentication succeeds. When authentication is OK the first time, a PIN is required to be set. Then input PIN + Passcode to test; it will succeed.
7. In the AP, specify the RADIUS server which is set in ACS.
8. If GTC authentication is successful in WTOS/Windows, a log should be imported in ACS.
Part Ⅱ RSA 7.1 + VM VIEW 3.1
In my environment, the vmview server and RSA are not in the same domain.
1. Add the vmview server address to the RSA server as an agent.
2. Add another user which is the same as the vmview user, e.g. vmviewcitrix1. This one will be used for the option “Enforce SecurID and Windows username matching”.
3. Assign a token to the user.
4. Generate the configuration file from “Access” -> “Authentication agent”.
5. Enable the “RSA SecurID” option and import the configuration file in the vmview server configuration UI.
6. Use the vmview client in Windows to try.
Troubleshooting:
1. Ensure communication between the client and RSA is OK. If you cannot add a new RADIUS client in the RSA server and get the error “cannot get your RADIUS server, please add RADIUS server firstly…”, it proves your RSA server has a problem. In my case, I went back to the previous snapshot.
2. If you always get the error “access denied”, check whether your user has been locked in the RSA server.
3. The option “Clear secure ID” (PIN) in the RSA server will help you reconfigure the PIN.
4. Log -> active monitor is helpful.
5. “Clear node secret”
Node Secret Reset
If a View Client connection with RSA SecurID displays Access Denied and the RSA Authentication Manager Log Monitor displays the error Node verification Failed, clear the node secret on View Connection Server and then do the following:
1) Run RSA Authentication Manager Host Mode.
2) Select Agent Host menu > Edit Agent Host.
3) Select the View Connection Server from the list and select OK.
4) Deselect Node Secret Created and click OK.
Part Ⅲ XDT 4.0 + RSA 7.1 + Netscaler 9.1 + Citrix Receiver 2.2.2
For the XDT 4.0 + Netscaler 9.1 + Citrix Receiver 2.2.2 part, please refer to the file “Citrix_AGEE_ICAProxyReceiver.pdf”.
How to make RSA and Netscaler communicate with each other?
1. Create a policy and bind it to the virtual server.
2. Give RSA server info:
3. Give an expression in the policy.
4. If you want to use RSA + Domain mode in Receiver, bind an LDAP policy to the virtual server.
5. Give an expression in the secondary LDAP policy.
6. In the RSA server, add the Netscaler IP (NSIP) as a RADIUS client and associate it as an Agent.
Notes:
1. To test communication between RSA and Netscaler,
a. Connect to the Netscaler from a laptop with PuTTY.
b. Run command nstrace tcpdump ENABLED
c. Download the trace file from Netscaler -> system -> diagnostics, “technical support tools” part. (You can also use WinSCP to transfer the file from the Netscaler to the local computer.)
d. Run shell and cat ../tmp/aaad.debug to show debug info.
2. Use the IE browser to initialize the PIN
a. Do NOT bind the LDAP policy to the virtual server.
b. In IE, open the virtual server address, such as
c. Give the passcode and follow the steps to set the PIN. (You can also disable the PIN policy in the RSA server to let the user log on with the passcode only.)
3. Give the correct DNS in the Wi-Fi setting on the iPhone.
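
Added example (not part of the original document, and not code from RSA, Cisco or Citrix): Python that builds the Access-Request a RADIUS client such as the AP or the Netscaler sends to the RSA server, and checks the reply's Response Authenticator per RFC 2865, so a shared-secret mismatch can be told apart from a rejected passcode or a PIN challenge when reading a trace. The user name, secret and reply text are constructed sample values.

```python
import hashlib, hmac, os, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, passcode, secret, ident=1, req_auth=None):
    """Return (packet, request authenticator) for a PAP Access-Request."""
    req_auth = req_auth or os.urandom(16)
    attr = lambda t, v: bytes([t, len(v) + 2]) + v
    attrs = attr(1, user.encode())  # User-Name
    attrs += attr(2, hide_password(passcode.encode(), secret, req_auth))  # User-Password
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def response_auth(code, ident, attrs, req_auth, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + req_auth + attrs + secret).digest()

def parse_reply(reply, req_auth, secret):
    """Verify the reply with the shared secret; return (code name, Reply-Message)."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        raise ValueError("malformed RADIUS reply")
    code, ident, attrs = reply[0], reply[1], reply[20:]
    if not hmac.compare_digest(reply[4:20], response_auth(code, ident, attrs, req_auth, secret)):
        raise ValueError("bad Response Authenticator: shared secret mismatch or forged reply")
    message, i = "", 0
    while i + 2 <= len(attrs) and attrs[i + 1] >= 2:
        if attrs[i] == 18:  # Reply-Message attribute
            message += attrs[i + 2:i + attrs[i + 1]].decode(errors="replace")
        i += attrs[i + 1]
    return CODES.get(code, f"code {code}"), message

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values, not from the page
    pkt, ra = build_access_request("testuser", "12345678", secret)
    text = b"Enter a new PIN"  # constructed challenge text
    attrs = bytes([18, len(text) + 2]) + text
    reply = struct.pack("!BBH", 11, 1, 20 + len(attrs)) + response_auth(11, 1, attrs, ra, secret) + attrs
    print(parse_reply(reply, ra, secret))  # simulated challenge from the server
```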