Manualshelf

Troubleshooting guide

ManualsBrandsRSA Security ManualsServer6.1
101102103104105106107108109110
A: Migration Data Conversion 103
RSA Authentication Manager 6.1 to 8.1 Migration Guide
Activations on Restricted Agents When LDAP Synchronization Jobs Do Not
Contain Group Data
LDAP users cannot authenticate through certain agents after migration, if the
following conditions exist prior to migration:
The LDAP synchronization job that synchronizes the user is not configured to
synchronize the LDAP group to which the user belongs.
The directory server accessed by the LDAP synchronization job is read-only.
The user belongs to a group that exists only in the
RSA Authentication Manager 6.1 database.
For example, the administrator adds an LDAP user to a group created using the
version 6.1 Database Administration application.
If the user is activated on an authentication agent, migration attempts to create a
user group with the user as a member, and activate the user group on the agent.
In version 6.1, it is possible to synchronize LDAP users without synchronizing their
LDAP groups. Users synchronized by such a job may have a group specified, but the
group resides only in the internal database, meaning that the group relationship is
known only to Authentication Manager. Any group membership specified in the
directory server is unknown to Authentication Manager.
To resolve this problem, contact the administrator responsible for the directory server,
and request the group data so that you can add it to the LDAP synchronization job.
PIN Options for Emergency Codes
In version 6.1, there are two methods available for users who have lost or damaged
their tokens: fixed password or one-time password sets. The administrator selects PIN
options for the fixed password or one-time password sets when the password or sets
are generated. Version 6.1 has no system-wide parameter for the PIN options.
In version 8.1, these emergency access methods are known as online emergency
tokencodes. Version 8.1 applies the same PIN options for online authentication as it
does for offline emergency authentication.
After you migrate, the values configured for the generation of offline emergency
codes are applied to these online emergency codes as well. Existing fixed passwords
and one-time password sets are migrated, and continue to function in the migrated
version 8.1 deployment, but any newly generated fixed passwords (known as fixed
passcodes in version 8.1) and one-time password sets (known as emergency codes in
version 8.1) adhere to the PIN options configured for the version 6.1 offline
emergency codes.