Configuring RSA SecurID or RADIUS Support on an Existing Site

(Available in EFT Server Enterprise) EFT Server can be configured for RSA SecurID authentication via either Native SecurID protocol or RADIUS. To configure RADIUS on a new Site, refer to Defining Connections (Sites). For more information before configuring, refer to RADIUS for User Authentication.

To configure EFT Server Enterprise for RSA SecurID or RADIUS

  1. If you are using the RSA Native SecurID protocol, use the RSA Security Console to generate the sdconf.rec configuration file, then copy the file to a location on EFT Server (typically %windir%\system32). It is not needed when using RADIUS.

  2. Log in to the EFT Server administrator console and click the Site node for which you want to enable RADIUS or RSA SecurID.

  3. Do one of the following:

  1. Click Apply to save your settings.

  2. Click Yes to restart the Site.

icon_info.gif

RSA SecurID uses a “sdconf.rec” file to configure itself as an authentication agent. Upon initial connection to the SecurID server (the first authentication attempt),  a "shared secret” is established between (the Authentication Agent (EFT Server) and the RSA SecurID server. EFT Server saves this secret in the same path as the Site's “sdconf.rec” file. If you clear the node secret in RSA SecurID, you will need to clear the secret on EFT Server, or it will be unable to establish a new one with the server. While the service is stopped, delete the “sdstatus.12” and “securid” files that EFT Server created. When you restart the service, a new secret is established.

Related Topics