Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
CMAK and RSA SecurID
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
CMAK and RSA SecurID - 23.Feb.2006 3:25:55 AM
|
|
|
jerrice
Posts: 28
Joined: 9.Dec.2005
Status: offline
|
Has anyone tried to create a reasonable installer with CMAK that works with RSA SecurID? The issue is that the CMAK creates a connection requiring Username and Password, but then the following RSA SecurID prompt also requires username and password. entering the correct username/password on the first screen (actually, username/passcode) doesn't transfer to the second screen. Either it needs to transfer it, or it should not ask for it on the first screen.
Has anyone solved this? If not, how would you suggest deploying clients? I'd really like to get this down to a single installer rather than 2, plus filling out everything I can all automated-like...
Thanks...
_____________________________
-Jerry
|
|
|
|
|
RE: CMAK and RSA SecurID - 23.Feb.2006 6:14:43 PM
|
|
|
jerrice
Posts: 28
Joined: 9.Dec.2005
Status: offline
|
I got part of this figured out. I'll document it here in case anyone needs it:
There are a number of optional "Advanced" settings that do not show up in the Advanced list by default. You can type them in manually. These include a few that can hide all the prompting (set in the Connection Manager key):
HideDomain (set to 1 to hide domain prompt)
HidePassword (set to 1 to hide domain password)
HideInternetPassword (set to 1 to hide internet password)
HideUserName (set to 1 to hide domain username)
HideInternetUsername (set to 1 to hide internet username)
I'm still working on a way to launch the silent command-line RSA EAP installer from the CMAK installer...
< Message edited by jerrice -- 23.Feb.2006 6:16:19 PM >
_____________________________
-Jerry
|
|
|
|
|
RE: CMAK and RSA SecurID - 24.Feb.2006 3:14:08 AM
|
|
|
jerrice
Posts: 28
Joined: 9.Dec.2005
Status: offline
|
Ok, got this all straightened out, and I'll post the results here to help anyone else out... Much thanks to Jason Jones, who pointed me at the post-install processing for the CMAK installer and provided other info. Without that, this would be MUCH uglier than it already is. 
In addition to the above changes, there is a section in the profilename.inf file called [RunPostSetupCommandsSection]. You can add any programs you want to run there (make sure you include them in the Additional Files dialog during the CMAK Wizard). This line will kick off the RSA Authentication Agent:
"msiexec /qn /norestart /i ""%49000%\%ShortSvcName%\RSA ACEAgent for Windows.msi"""
The %49000% variable is the location that the CMAK installs things to. I am actually running a batch file instead, in order to prompt for a admin user name using RunAs, but it's basically the same thing.
So, for RSA, you need to include the installer msi (RSA Authentication Agent for Windows.msi) and the options file (packageOptionsFile.txt). The options file tells it to just install the EAP bits. If you do not have the options file, here is the text (there is likely a bit of extra stuff in this text, remove it if you don't need to specify it):
InstallSilentDAC=0
InstallSilentLAC=0
InstallSilentAUTOREG=0
InstallSilentRAS=0
InstallSilentEAP=1
AUTH_CONFIG_DIALOG=1
AUTHCONFIGSELECTED=1
AGENT_ACTIVATION_STATE=True
WINDOWS_PASSWORD_STATE=True
IMPORT_CUSTOMBITMAP_STATE=False
ENABLE_NOVELL_PASSWORD_UPDATE=0
PIN_UNLOCK_ENABLED_STATE=False
PIN_UNLOCK_TIMEOUT=75
PIN_UNLOCK_ATTEMPTS=3
REGISTRY_CONFIG_STATE=False
Hopefully this will help someone else out in this same position...
_____________________________
-Jerry
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
