PAM LDAP+RSA Implementation

Document ID : KB000012097
Last Modified Date : 14/02/2018
Show Technical Document Details

If you are starting a new PAM deployment or migrating the solution to a virtual machine and you are facing issues with the RSA authentication, then check that the Node Secret status is Exist.

Depending if the server is a Virtual or Physical solution, the RSA configuration file will defer.


LDAP+RSA is not authenticating in my PAM VM but it is in my Physical PAM. What is missing?



Make sure in a VM to generate the sdopts.rec instead of the sdconf.rec


Go to the config->3rd Party: 'RSA Authentication Manager Configuration' and clear the Node secret. 

Import the sdopts.rec created.

You will be able to set the Node Secret to Exist

Go to User -> Manage Groups and import the LDAP+RSA user groups.


If the RSA Client is a VM, it is required to create the mandatory sdopts.rec.

Additional Information:

PREREQUISITE: RSA SecurID authentication requires advance preparation by the SecurID administrator. Indicated in Preparation / Authentication / RSA SecurID.

NOTE: After the first successful user authentication, the Node secret will be populated.