How to Use Connection Manager Administration Kit with SecurID (259356)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Connection Manager Administration Kit 1.0

This article was previously published under Q259356

SUMMARY

The Connection Manager Administration Kit (CMAK) that is included with Windows 2000 enables a Dial-Up Networking (DUN) or Virtual Private Network (VPN) client to use SecurID. This article describes how you can use CMAK with SecurID token-based security systems. This may be useful because CMAK does not natively support terminal windows that SecurID would normally use with a Microsoft Windows NT 4.0 DUN connection.

MORE INFORMATION

You must use the Windows 2000 version of CMAK to create RAS connections that work with SecurID on Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows NT 4.0, and Windows 2000 DUN clients.

NOTE: You cannot use the Windows NT 4.0 Option Pack or Microsoft Internet Explorer Administration Kit (IEAK) versions of CMAK to create a connection that works with SecurID in the following examples.

Windows 2000 Client Connects to a Windows 2000 RRAS Server with SecurID

Windows 2000 servers and clients support Extensible Authentication Protocol (EAP). To use CMAK with SecurID:
  1. Install the SecurID EAP Client located in the Ix86\Valueadd\3rdparty\Security\sdit\ folder of the Windows 2000 Server CD-ROM. An updated version of the EAP DLL file is available from RSA Security (the vendor for SecurID), and you should contact a third-party vendor for the update.
  2. Create a RAS connection. To do so, click Start, point to Settings, point to Network and Dial-up Connections, and then click Make New Connection.
  3. Right-click the connection you just created, click Advanced (custom settings) on the Security tab, and then click Settings.
  4. Under Logon security, click Use Extensible Authentication Protocol (EAP), and then click the ACE server from the list.
  5. Run the CMAK Wizard to create the .cms file.
  6. Use a text editor (such as Notepad.exe) to view the Rasphone.pbk file in the c:\Program Files\Cmak\Profiles folder. Make a note of the first 128 characters of the file because you will use these in the next step.
  7. Use a text editor to add or edit the following lines under the [Server&DUN Setting] section of the .cms file you just created:

    Custom_Security = 1
    Require_EAP = 1
    CustomAuthKey = 1
    CustomAuthData0 = first 128 characters of information from Rasphone.pbk

    where first 128 characters of information from Rasphone.pbk is the information from step six in this article. If more than 128 characters of authentication data are required, use sequentially numbered CustomAuthData# entries (CustomAuthData1=, etc).
  8. Run the CMAK Wizard again to implement the changes.
Further information on custom authentication data is available in the Windows 2000 CMAK documentation under the heading "Advanced Customization: editing service-profile files" in the product Help.
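
An added example, not part of the original article or of CMAK: a Python check that the edited .cms section carries the step 7 settings before you rerun the CMAK Wizard and distribute the profile. It assumes INI-style parsing with case-insensitive names and treats 128 characters as the per-entry limit, as the article states; the function names and the sample profiles are constructed for illustration.

```python
import re

# Settings the article's step 7 adds to the profile section.
REQUIRED = {"Custom_Security": "1", "Require_EAP": "1", "CustomAuthKey": "1"}
CHUNK = 128  # characters per CustomAuthData# entry, per the article


def read_section(cms_text, section):
    """Return {lowercased key: value} for one [section] of INI-style text."""
    values, inside = {}, False
    for raw in cms_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            inside = line[1:-1].strip().lower() == section.lower()
        elif inside and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values


def check_profile(cms_text, section):
    """Return a list of problems; an empty list means the section matches step 7."""
    values = read_section(cms_text, section)
    if not values:
        return [f"section [{section}] is missing or empty"]
    problems = []
    for key, want in REQUIRED.items():
        got = values.get(key.lower())
        if got != want:
            problems.append(f"{key} is {got!r}, expected {want!r}")
    # Collect CustomAuthData<N> entries by their numeric suffix.
    chunks = {int(k[14:]): v for k, v in values.items() if re.fullmatch(r"customauthdata\d+", k)}
    if sorted(chunks) != list(range(len(chunks))) or not chunks:
        problems.append("CustomAuthData# entries must start at 0 and be numbered sequentially")
    for n, value in sorted(chunks.items()):
        if len(value) > CHUNK:
            problems.append(f"CustomAuthData{n} has {len(value)} characters, limit is {CHUNK}")
    return problems


# Constructed sample profiles (placeholder data, not real Rasphone.pbk content).
HEAD = "[Server&DUN Setting]\nCustom_Security = 1\nCustomAuthKey = 1\n"
GOOD = HEAD + "Require_EAP = 1\nCustomAuthData0 = " + "A" * 128 + "\nCustomAuthData1 = " + "B" * 40 + "\n"
BAD = HEAD + "Require_EAP = 0\nCustomAuthData0 = " + "A" * 130 + "\nCustomAuthData2 = BB\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_profile(text, "Server&DUN Setting") or "ok")
```

A profile that fails the Require_EAP check would be built without the EAP requirement that SecurID authentication depends on in this procedure.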

Windows 95 and Windows 98 Clients Connect to a Windows NT 4.0 RAS Server with SecurID

By default, Windows 95 and Windows 98 clients open a terminal window when you run a script, which enables you to type the SecurID code.
  1. Use a text editor (such as Notepad.exe) to create the following script:

    proc main
    set screen keyboard on
    halt
    endproc

  2. Save this script with a .scp file extension in the Program Files\Accessories folder of your computer.
  3. Run the CMAK Wizard again, and type the script name you just created when you are prompted for DUN settings.

Windows NT 4.0 Client Connects to a Windows NT 4.0 RAS Server with SecurID

Windows NT 4.0 does not support DUN connections that use SecurID. To work around this issue:
  1. Use the CMAK Wizard to configure a pre-VPN tunnel action that makes a connection to the SecurID server.
  2. Connect to your ISP by using DUN.
  3. After you are successfully authenticated by the ISP, establish a VPN tunnel to your SecurID server.

Modification Type: Major
Last Reviewed: 11/4/2003
Keywords:kbhowto kbnetwork KB259356