On the test 2.8.3 system used to gather information for this article the mandatory configuration file was loaded and the optional configuration file was not.
After the upgrade to 3.0 the optional configuration file field is populated, but the mandatory file field is empty.
After loading the mandatory configuration file, which required that the Node Secret be RSA and LDAP+RSA authentication still did not work. Clearing the Node Secret on the RSA server also did not help. While investigating this with Engineering some a few differences came to light. The first is that the optional configuration file now seems to be required. In this case, where it wasn't loaded before the upgrade, the file was actually empty. If it was deleted, it can be recreated in an ssh debug session, by doing "touch /var/ace/sdopts.rec.
The second difference is that it is now necessary that the Hostname configured on PAM's Network Configuration page now must match the Hostname configured in the Authentication Agent entry on the RSA server. In this case the RSA server could not resolve the hostname of the PAM instance. It contained the IP address. The PAM Hostname was changed to contain the PAM IP Address.
At this point RSA and LDAP+RSA authentication still did not work. Clearing the Node Secret on PAM once more finally resolved the problem. Bear in mind that you might have to clear the Node Secret on the RSA server as well.
If this document does not enable you to resolve the problem please open a Support Ticket. We are aware of one occurrence where the problem could not be resolved, because the sdconf.rec could not be uploaded. This issue is still under investigation. The document will be updated when this aspect is successfully addressed.