RSA configuration
3. Add RADIUS client (Cisco AP)
4. Import token file
5. Assign token ID to user
6. Generate configure file for agent installation; it will be used for Authentication Agent 6.1 installation.
6. Download server certificate
On computer B, where ACS is installed
1. Install the certificate generated in RSA.
2. Install Authentication Agent 6.1; the configure file (see step 6) needs to be specified.
After finishing installation, the aceclnt.dll file should be generated in the c:/windows/system32 folder.
Note:
The ACS setting is based on a wireless environment; RADIUS configuration should be finished. The following steps are ONLY for RSA.
3. In ACS 4.0, click “External User Database” -> “database configuration” -> “RSA SecurID Token Server” -> “create new configuration” -> “submit”. As in the following picture, the aceclnt.dll file will be used.
4. In ACS, create one new user whose name is the same as the one in RSA, and select “RSA SecurID Token Server”. No need to specify a password; it will be generated automatically.
5. In “external user database” -> “unknown user policy”, add RSA SecurID token server to “selected database”.
6. Run Authentication Agent 6.1 -> authentication test
Use the username and passcode (generated in KEY) to test whether authentication succeeds. When authentication is OK the first time, a PIN is required to be set. Then input PIN + Passcode to test; it will succeed.
7. In the AP, specify the RADIUS server which is set in ACS.
8. If GTC authentication is successful in WTOS/Windows, the log should be imported in ACS.
Part Ⅱ RSA 7.1 + VM VIEW 3.1
In my environment, vmview server and RSA are not in the same domain.
1. Add the vmview server address to the RSA server as an agent.
2. Add another user which is the same as the vmview user, e.g. vmviewcitrix1. This one will be used for the option “Enforce SecurID and Windows username matching”.
3. Assign a token to the user.
4. Generate the configuration file from “Access” -> “Authentication agent”
5. Enable the “RSA SecurID” option and import the configuration file to the vmview server configuration UI.
6. Use the vmview client in Windows to try.
Troubleshooting:
1. Ensure communication between client and RSA is OK. If you cannot add a new RADIUS client in the RSA server and get the error “cannot get your RADIUS server, please add RADIUS server firstly…”, it proves your RSA server has a problem. In my encounter, go to previous snapshot.
2. If you always get the error “access denied”, check if your user has been locked in the RSA server.
3. The option “Clear SecurID” (PIN) in the RSA server will help you reconfigure the PIN.
4. Log -> active monitor is helpful.
5. “Clear node secret”
Node Secret Reset
If a View Client connection with RSA SecurID displays Access Denied and the RSA Authentication Manager Log Monitor displays the error Node verification Failed, clear the node secret on View Connection Server and then do the following:
1) Run RSA Authentication Manager Host Mode.
2) Select Agent Host menu > Edit Agent Host.
3) Select the View Connection Server from the list and select OK.
4) Deselect Node Secret Created and click OK.
Part Ⅲ XDT 4.0 + RSA 7.1 + Netscaler 9.1 + Citrix Receiver 2.2.2
For the XDT 4.0 + Netscaler 9.1 + Citrix Receiver 2.2.2 part, please refer to the file “Citrix_AGEE_ICAProxyReceiver.pdf”
How to make RSA and Netscaler communicate with each other?
1. Create a policy and bind it to the Virtual server.
2. Give RSA server info:
3. Give an expression in the policy.
4. If you want to use RSA + Domain mode in Receiver, bind an LDAP policy to the virtual server.
5. Give an expression in the secondary LDAP policy.
6. In the RSA server, add the Netscaler IP (NSIP) as a RADIUS client and associate it as Agent.
Notes:
1. To test communication between RSA and Netscaler,
a. Connect to Netscaler from a laptop with Putty.
b. Run command nstrace tcpdump ENABLED
c. Download the trace file from Netscaler -> system -> diagnostics, “technical support tools” part. (You can also use WinSCP to transfer the file from Netscaler to the local computer.)
d. Run shell and cat ../tmp/aaad.debug to show debug info
2. Using the IE browser to initialize the PIN
a. Do NOT bind the LDAP policy to the virtual server.
b. In IE, open virtual server address, such as
c. Give the passcode and follow the steps to set the PIN. (You can also disable the PIN policy in the RSA server to let the user log on with passcode only.)
3. Give the correct DNS in the Wi-Fi setting on the iPhone.