1. Reconfigure CA PAM for LDAP-only authentication and confirm that users can authenticate successfully via LDAP alone.
2. Clear the node secret after uploading the sdconf.rec file. It is then best to reboot the PAM appliance so that PAM can initiate communication with the RSA server.
3. When configuring PAM as an Authentication Agent on the RSA server, use the short hostname of the PAM server as the hostname of the authentication agent. PAM sends the short hostname configured in the PAM network configuration to the RSA server.
4. Confirm that TCP port 5500 is open from PAM to the RSA server (check with PAM / Config / Tools / Port Scan).
Confirm with your RSA administrator that this port has not been changed from the default.
5. Try deleting the LDAP group once more and redo the import.
Try setting the Authentication Method to RSA only this time.
6. Confirm that the user is defined in the RSA server with the same sAMAccountName.
7. Also make sure that time is in sync between the RSA Server, PAM Server, PAM Client and the RSA Token devices.