Configuring RSA SecurID or RADIUS Support on an Existing Site

(Available in EFT Server Enterprise) EFT Server can be configured for RSA SecurID authentication via either Native SecurID protocol or RADIUS. To configure RADIUS on a new Site, refer to Defining Connections (Sites). For more information before configuring, refer to RADIUS for User Authentication.

To configure EFT Server Enterprise for RSA SecurID or RADIUS

If you are using the RSA Native SecurID protocol, use the RSA Security Console to generate the sdconf.rec configuration file, then copy the file to a location on EFT Server (typically %windir%\system32). It is not needed when using RADIUS.
Log in to the EFT Server administration interface and click the Site node for which you want to enable RADIUS or RSA SecurID.
Do one of the following:

- Click RSA SecurID and then click Configure. The RSA SecurID Authentication Settings dialog box appears.
- - Specify the location of the RSA Server configuration file (sdconf.rec), then click OK. (Note that SecurID files will reside in this location. Node secret and sdstatus.12 files will be generated at this location.)
- Click RADIUS and then click Configure. The RADIUS Authentication Settings dialog box appears.
- - Specify the RADIUS authentication settings, then click OK.

Click Apply to save your settings.
Click Yes to restart the Site.

RSA SecurID uses a “sdconf.rec” file to configure itself as an authentication agent. Upon initial connection to the SecurID server (the first authentication attempt), a "shared secret” is established between (the Authentication Agent (EFT Server) and the RSA SecurID server. EFT Server saves this secret in the same path as the Site's “sdconf.rec” file. If you clear the node secret in RSA SecurID, you will need to clear the secret on EFT Server, or it will be unable to establish a new one with the server. While the service is stopped, delete the “sdstatus.12” and “securid” files that EFT Server created. When you restart the service, a new secret is established.