Troubleshooting Tips for LDAP+RSA authentication implementation in CA PAM

Document ID : KB000010600
Last Modified Date : 14/02/2018
Introduction:

We are failing to authenticate to the CA PAM Client using the LDAP+RSA method.

In the PAM session logs we see error codes 18074 and 18002.

What needs to be checked to find the root cause of this issue?

Instructions:
  1. Reconfigure CA PAM to LDAP-only authentication and confirm that users can successfully authenticate via LDAP alone.

  2. Clear the Node Secret after uploading the sdconf.rec file.
    It is then best to reboot the PAM appliance to allow PAM to initiate communication with the RSA Server.

  3. Confirm that TCP port 5500 is open from PAM to the RSA server
    (check with PAM / Config / Tools / Port Scan).
    Confirm with your RSA Administrator that this port has not been changed from the default.

  4. Try deleting the LDAP group once more and redo the import.
    This time, try setting the Authentication Method to RSA only.

  5. Confirm that the user is defined in the RSA Server with the same sAMAccountName.

  6. Also make sure that the time is in sync between the RSA Server, the PAM Server, the PAM Client and the RSA Token devices.
Additional Information: