I have recently implemented a RSA SecurID infrastructure to provide secure two-factor authentication over both local login to servers and workstations and also EAP VPN authentication. This was initially using SID700 tokens and worked brilliantly. Since then we have purchased a number of SID800 tokens which have USB connectors built-in to automatically passthrough the code on the display.
Unfortunatly I have been unable to get them to fully integrate with the logon GINA and still allow full VPN EAP support, until now!
There is not a lot of documentation around doing this with the SID800 tokens so below is the highlevel overview of what I have installed to get them to work, in order:
-
Microsoft USB CCID hardware drivers
-
RSA Authentication Agent 6.1
-
RSA Authentication Agent 6.1.2 patch
-
RSA Authenticator Utility
If anyone would like further details please drop me an email and I will do my best to help you out.
i don’t have any of that. i got he token on ebay. pleae help
I hope you didn’t pay too much money as it is useless without a license from RSA!
This seems to be the correct set software modules, but I would install in the following order:
* Microsoft USB CCID hardware drivers
* RSA Authenticator Utility
* RSA Authentication Agent 6.1
* RSA Authentication Agent 6.1.2 patch
Hope this helps.
Suerte,
_Vin
I have the same issues and am strugling to find the Microsoft USB CCID drivers.
Steps to find USB CCID driver on Windows Update Catalog for Windows XP:
- Open Internet Explorer and go to the Windows Update site on an XP machine.
- From the left pane, click Windows Update Catalog (if this does not exist click on “personalize windows update” and enable windows update catalog).
- Select “Find driver updates for hardware devices” from the right pane.
- Select “Input Devices”.
- Select “Manufacturer = Microsoft”, “OS = Windows XP Professional RTM” and click search. (You can also try Windows 2000 and Windows Server 2003, but its the same driver for all three OS).
- Select “Microsoft SmartCardReader Driver Version 5.2.3790.0 – (Posted Date: May 19, 2003)” and add to download basket. (Please note that the posted date may change over time)
Thanks for the info on the CCID but where do I get the RSA Authenticator Utility? I have the seeds and the Authenticators but no Utility. The Utility software was not shipped with the Authenticators. Where did you get the Utility? Thanks.
You can only obtain the RSA Authenticator Utility with a valid support contract from RSA. Providing you have purchased the token from an approved reseller you simply need to visit the RSA site [https://knowledge.rsasecurity.com/] and register for an account. From there you will have access to all of the software and documentation for the SID800 Tokens.
What actual problems did you have?
I’m troubleshooting the error “Unable to log on to the token” for a SID800 token when a machine, on a VPN (Cisco 800 series), boots up. Hibernate works fine as it seems to bypass the start-up sequence. The error is random, or seemingly so and has really got me scratching my head. The keyword Gina has got be me interested too and I’m also tempted to believe there is some time-out issue or bottleneck on boot up.
Let me know if you can help or have any extra details.
Mark, you should contact RSA customer support if you are still having errors.
Have you ever got the SecurID 800 to wrok as a SmartCard? This is the challenge I face. Thanks!
Hi Mark,
I have got the SID800s to work in the past, I had to make sure the CCID driver was installed. Hopefully my comment aboive [http://www.mattwaddell.com/2007/08/02/rsa-authentication-agent-and-sid800-tokens/comment-page-1/#comment-125] should help.
Please contact me, Matt. I’m a cousin of yours, born in Croydon and now living in Adelaide, South Australia. I do have your snail mail address – which was given to me through Dannii B’s aunt Rosemary – but it’s so much easier to email.
Peter William Waddell.
Think you have the wrong Matt Waddell. Good luck though.