Troubleshooting guide
92 6: Performing Post-Migration Tasks
RSA Authentication Manager 6.1 to 8.1 Migration Guide
Procedure
1. In the Security Console, click Access > Authentication Agents > Generate
Configuration File.
2. From the Maximum Retries drop-down menu, select the number of times you
want the authentication agent to attempt to establish communication with
Authentication Manager before returning the message “Cannot initialize agent -
server communications.”
3. From the Maximum Time Between Each Retry drop-down menu, select the
number of seconds that you want to set between attempts by the authentication
agent to establish communications with Authentication Manager.
4. Click Generate Config File.
5. Click Download Now, and save AM_Config.zip to your local machine.
Next Steps
• Copy AM_Config.zip, containing the sdconf.rec file and the failover.dat file, to
each agent host.
• Configure the agent with the new sdconf.rec file and if necessary, the failover.dat
file. For instructions, see your agent documentation.
Test the RSA RADIUS Operation
There are two ways to test RSA RADIUS operation:
• Test to see that RSA SecurID authentication works between the RSA RADIUS
server and Authentication Manager. You can use one of the many third-party
RADIUS test authentication tools to facilitate your testing. (You can find many of
these tools on the Internet.)
• Test end-to-end authentication to ensure that a RADIUS client can successfully
authenticate using RSA RADIUS and Authentication Manager.
Use the following test to ensure that a user can successfully authenticate using
RSA RADIUS and Authentication Manager.
Procedure
1. Configure a RADIUS client to communicate with the RSA RADIUS server. For
more information, see the Security Console Help topic “Add a RADIUS Client.”
2. Provide a test user with an RSA SecurID token and any required software.
3. If you want to test one particular RADIUS server, log in to the client device, run
its administration program, bring up its RADIUS configuration interface, and
enter the IP address of the RADIUS server.
4. Have the user attempt to access a protected resource using the SecurID token.
If the user can successfully authenticate, RADIUS is properly configured.