
NetScaler 11.1 - RSA "new PIN mode" fails after Update


Dmitri Chernichkin

We have NetScalers v. 11.1 Build 65.12 using RSA 8.5 for external authentication through RADIUS and LDAP for authentication with Active Directory. Users are able to log in with AD credentials and RSA token. All is functioning well unless a new RSA token is issued and the user needs to enter a new PIN or the "Clear SecureID PIN" has been set on the RSA server.


This functioned perfectly in our previous setup until Update Build 65.12.


But now the user can enter a new PIN, RSA sets the new PIN and sends RADIUS_ACCEPT (“Authentication succeeded in new PIN mode”) back to NetScaler. But NetScaler does not redirect the user to StoreFront. It waits for something else. After 5-6 minutes NetScaler shows the error:
Http/1.1 Internal Server Error 43549


The only option is to close the browser, start the browser again and start a new session with the new PIN.


The aaad.debug output shows:

--------------------------------------------------------------------
/usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[788]: receive_ldap_user_bind_event Got user bind event.
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/ldap_common.c[371]: ns_ldap_check_result checking LDAP result.  Expecting 97 (LDAP_RES_BIND)
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/ldap_common.c[408]: ns_ldap_check_result ldap_result found expected result LDAP_RES_BIND
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[797]: receive_ldap_user_bind_event Bind OK.
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[3729]: unregister_timer releasing timer 146343
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[2569]: send_accept sending accept to kernel for : %User-ID%
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[774]: process_kernel_socket partition id is 0
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[873]: process_kernel_socket call to authenticate user :%User-ID%, vsid :10235
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[3381]: start_cascade_auth starting cascade authentication
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/radius_drv.c[778]: continue_radius_auth attempting to auth %User-ID% @ 10.xx.xx.xx
Thu Oct 29 12:11:54 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[3660]: register_timer setting timer 146344
Thu Oct 29 12:11:56 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/radius_drv.c[2050]: process_radius Got RADIUS event
Thu Oct 29 12:11:56 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[3729]: unregister_timer releasing timer 146344
Thu Oct 29 12:11:56 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/radius_drv.c[2165]: process_radius radius challenges : %User-ID%
Thu Oct 29 12:12:02 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[774]: process_kernel_socket partition id is 0
Thu Oct 29 12:12:02 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[3660]: register_timer setting timer 146345
Thu Oct 29 12:12:02 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/radius_drv.c[2050]: process_radius Got RADIUS event
Thu Oct 29 12:12:02 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[3729]: unregister_timer releasing timer 146345
Thu Oct 29 12:12:02 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/radius_drv.c[2165]: process_radius radius challenges : %User-ID%
Thu Oct 29 12:12:07 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[774]: process_kernel_socket partition id is 0
Thu Oct 29 12:12:07 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[3660]: register_timer setting timer 146346
Thu Oct 29 12:12:09 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/radius_drv.c[2050]: process_radius Got RADIUS event
Thu Oct 29 12:12:09 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[3729]: unregister_timer releasing timer 146346
Thu Oct 29 12:12:09 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/radius_drv.c[2100]: process_radius radius accepts : %User-ID%
Thu Oct 29 12:12:09 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/radius_drv.c[2103]: process_radius extracted group string :(null)
Thu Oct 29 12:12:09 2020
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[2569]: send_accept sending accept to kernel for : %User-ID%

---------------------------------------------------------------------------------------------

 

Any ideas would be helpful.
 
Thanks in advance,

 

Dmitri
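
Added example, not part of the original post: a small Python parser for the aaad.debug layout shown above that counts the RADIUS challenge rounds and checks whether the final accept was handed to the kernel after the RADIUS accept. The sample lines, user name and IP address are constructed, and the function names `parse` and `summarize` are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the aaad.debug layout from the post (user and IP are made up).
P = "/usr/home/build/adc/usr.src/netscaler/aaad/"
EVENTS = [
    ("12:11:54", "naaad.c[2569]: send_accept sending accept to kernel for : user1"),
    ("12:11:54", "radius_drv.c[778]: continue_radius_auth attempting to auth user1 @ 192.0.2.10"),
    ("12:11:56", "radius_drv.c[2165]: process_radius radius challenges : user1"),
    ("12:12:02", "radius_drv.c[2165]: process_radius radius challenges : user1"),
    ("12:12:09", "radius_drv.c[2100]: process_radius radius accepts : user1"),
    ("12:12:09", "naaad.c[2569]: send_accept sending accept to kernel for : user1"),
]
SAMPLE = "".join(f"Thu Oct 29 {t} 2020\n {P}{e}\n" for t, e in EVENTS)

TS = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}$")
EV = re.compile(r"^\s*\S*/(\w+\.c)\[(\d+)\]: (\w+) (.*)$")

def parse(text):
    """Yield (timestamp, source_file, function, message); a timestamp line precedes its event."""
    ts = None
    for line in text.splitlines():
        if TS.match(line.strip()):
            ts = datetime.strptime(line.strip(), "%a %b %d %H:%M:%S %Y")
        else:
            m = EV.match(line)
            if m:
                yield ts, m.group(1), m.group(3), m.group(4)

def summarize(text):
    """Summarize the RADIUS leg: challenge rounds, accept time, accept passed to kernel."""
    out = {"start": None, "challenges": 0, "radius_accept": None, "kernel_accept": None, "seconds": None}
    for ts, _src, func, msg in parse(text):
        if func == "continue_radius_auth" and out["start"] is None:
            out["start"] = ts
        elif func == "process_radius" and msg.startswith("radius challenges"):
            out["challenges"] += 1
        elif func == "process_radius" and msg.startswith("radius accepts"):
            out["radius_accept"] = ts
        elif func == "send_accept" and out["radius_accept"] is not None:
            out["kernel_accept"] = ts  # ignores the earlier send_accept from the LDAP factor
    if out["start"] and out["radius_accept"]:
        out["seconds"] = (out["radius_accept"] - out["start"]).total_seconds()
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
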
