Erin Mulder on 28 Jun 2007 15:50:28 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] SecurID stuck in "Next Passcode" mode after using VPNC

  • From: "Erin Mulder" <meara@alumni.princeton.edu>
  • To: plug@lists.phillylinux.org
  • Subject: [PLUG] SecurID stuck in "Next Passcode" mode after using VPNC
  • Date: Thu, 28 Jun 2007 11:50:24 -0400
  • Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:mime-version:content-type:x-google-sender-auth; b=CAhO3Z5PyAcc/loTd4KcO2AdZQTKLz1lkv0jcXqpetzlsqapdTgv+9mFsXbqxTj/ovcp2D7mimpgLwGzbqv+qgWiCc+aSWV3uSpGl1ZQF+IoFR9jnVeDeOQBwk2qO64CBeppRXqa+BXhVL0w3nMzjYtcy0ZemP6saoBU/zqYxT0=
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org
I recently switched laptops (T42p to T60) and SuSE versions (10.0 to 10.2) and have been having trouble connecting to a SecurID-secured Cisco VPN since then.

On my old laptop, I used the cisco linux client and never had problems (aside from general slowness).  However, the Cisco client didn't seem to work right on my new laptop (it would login, but didn't seem to configure the right routes or DNS).  So I tried out VPNC through KNetworkManager and all was great.  Easy to configure and actually much faster than the old setup had been.

The next day, I couldn't login at all with vpnc or the cisco client.  I called the network support guys and they said I had gotten stuck in "next passcode" mode (googling also turned up references to this as "next tokencode" mode).  After they reset me, all was good and I happily connected again.

Unfortunately, I've got the same problem again today.  This time, I did some troubleshooting and ran vpnc directly from the command line with -xauth-inter.  It is indeed prompting me for the next passcode, and doesn't ever stop doing that.  I've tried entering both pin+password and password in response to that "Next PASSCODE" prompt.  Neither works.

For what it's worth, I'm not entering bad login info, and I am waiting for the next token each time, so I don't think I'm getting myself into "next passcode" mode through user error.

My questions:

1) Has anyone seen this before in conjunction with VPNC?  One random thought was that maybe it has some sort of reconnect-after-a-disconnect feature that is trying to log me in without the passcode (and thus triggering the "next passcode" mode).  Other ideas or possibilities?

2) If this is a known problem, any idea on how to get my account working again without a support call?  Connecting from a Windows Cisco Client doesn't do the trick.

3) Are there other common reasons why this could be happening?  I use NTP and my system time seems to be accurate so I don't think that's the problem.  Things work fine after a reset, so I don't think there's anything wrong with the SecurID itself.

Any help would be greatly appreciated!  I'm the only Linux user on this project and don't want to look like I'm wasting everyone's time with Linux-specific issues.

Thanks,
Erin
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug