RSA SecurID Authentication
The SDCONF.REC file is generated from the RSA Authentication Manager for the firewall MY-VPN-FW01, and it is placed in the /var/ace directory.
SDOPTS.REC is a text file that contains Client_IP=100.114.255.29 (this is the IP address of the firewall member). The file is created by the system admin.
SDSTATUS.12 – this file is generated by Check Point and it contains information such as the token passing successfully to the Auth Manager, it records
SECURID – this is the secret node key that is exchanged between the Security Gateway and the RSA SecurID server.
"Wrong username and password" error when authenticating via SecurID
- Users cannot authenticate with SecurID after replacing the sdconf.rec file with an updated one from the RSA SecurID server, receiving a "Wrong username and password" error.
- "Node Secret mismatch: cleared on server but not on agent" message in the RSA SecurID server logs
The "securid" file (a secret node key that is exchanged between the Security Gateway and the RSA SecurID server) is corrupted. See sk106582.
The sdopts.rec file will not be invoked
The sdopts.rec file was not being invoked by Firewall-1 because of the presence of the sdstatus.12 file, which is also in the /var/ace directory. The sdstatus.12 file takes precedence. Removing the sdstatus.12 file made the sdopts.rec file take effect.
Any modification of these files will require a cpstop and cpstart on the active cluster member.
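The file states described above can be checked in one pass before restarting services. The script below is an added example, not part of the original notes and not Check Point or RSA tooling; the function names, the finding labels and the case-insensitive match on Client_IP are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of a SecurID agent directory (e.g. /var/ace).

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    set -- $(echo "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# check_ace_dir DIR: prints one finding per line, returns the problem count.
check_ace_dir() {
    dir=$1; problems=0
    if [ -s "$dir/sdconf.rec" ]; then echo "OK: sdconf.rec present"
    else echo "PROBLEM: sdconf.rec missing or empty"; problems=$((problems + 1)); fi
    # A zero-length node secret is the only corruption this check can detect.
    if [ ! -e "$dir/securid" ]; then echo "NOTE: securid (node secret) not present"
    elif [ -s "$dir/securid" ]; then echo "OK: securid present"
    else echo "PROBLEM: securid is empty"; problems=$((problems + 1)); fi
    if [ -f "$dir/sdopts.rec" ]; then
        # Assumption: key matched case-insensitively, last assignment wins.
        ip=$(grep -i '^client_ip=' "$dir/sdopts.rec" | tail -n 1 | cut -d= -f2 | tr -d ' \r')
        if valid_ipv4 "$ip"; then echo "OK: sdopts.rec Client_IP=$ip"
        else echo "PROBLEM: sdopts.rec has no valid Client_IP"; problems=$((problems + 1)); fi
        # Per the text above, sdstatus.12 takes precedence over sdopts.rec.
        if [ -e "$dir/sdstatus.12" ]; then
            echo "PROBLEM: sdstatus.12 present, sdopts.rec will not take effect"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# make_sample DIR: constructed sample state (not real data) for a dry run.
make_sample() {
    printf 'placeholder' > "$1/sdconf.rec"
    printf 'placeholder' > "$1/sdstatus.12"
    echo 'Client_IP=100.114.255.29' > "$1/sdopts.rec"
}

# With a path argument audit that directory; otherwise audit the sample.
if [ $# -gt 0 ]; then check_ace_dir "$1"
else
    sample=$(mktemp -d); make_sample "$sample"
    check_ace_dir "$sample" || echo "problems found: $?"
    rm -rf "$sample"
fi
```

Run it with the agent directory as the only argument; the exit status is the number of problems found, so it can gate a change procedure.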
How to Download the SDCONF.REC file
Access -> Authentication Agent -> Generate Configuration File
RSA Authentication Manager (Auth Manager)
Authentication Manager has a WebUI, and it manages users, tokens and agents, and can produce reports and enforce policies like how many time. The Authentication Manager has a primary and a replica for redundancy. It is available in 2 options, software and appliance form factor. Its main purpose is to handle user authentication requests, and also system administration such as users, tokens, agents, reporting, policy and database backups.