Reset Search
 

 

Article

KB40111 - Pulse Secure Linux client does not support multiple authentication servers

« Go Back

Information

 
Last Modified Date4/20/2017 2:56 PM
Synopsis
 
Problem or Goal
When a Pulse Secure Linux user attempts to authenticated to the PCS device, the following error message will appear (in the ncsvc.log):
20160211161145.85091 ncsvc[p3058.t3058] dsclient.info <-- 302 
https://XXX.XX.XX.XXX/dana-na/auth/url_default/welcome.cgi?p=failed&auth=2 
(authenticate.cpp:213)
20160211161145.85155 ncsvc[p3058.t3058] dsclient.error state login failed, 
error 104 (dsclient.cpp:353)
20160211161145.85332 ncsvc[p3058.t3058] ncapp.error Failed to authenticate 
with IVE. Error 104 (ncsvc.cpp:253)

The error message highlighted above in 'red' indicates that a secondary authentication server is configured on the sign-in realm. 
Cause
This issue occurs due to the limited support of MFA during the initial release of Pulse Secure Linux client.
Solution
To resolve this issue, upgrade the Pulse Secure Linux client to 8.2R4 and above.  The following list of multi-factor authentication (MFA) vendor has been qualified by Pulse Secure with the 8.2R4 release:
  • RSA (software token and hardware token)
  • Duo Security
  • Safenet
With the additional support of Pulse Secure Linux UI, authentication will be performed by a web browser.  While other MFA vendor are not listed, we expect other MFA vendor performing authentication via a web browser will work as well.

Note:  Multi-factor authentication will only work using the Pulse UI.  This feature remains unsupported for the CLI.


Workaround:

If upgrading the Pulse Secure Linux is not possible, create a separate sign-in policy for Linux users that has a sign-in realm configured with one authentication/authorization server only.
Related Links
Attachment 1 
Created ByNick Christen

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255