RSA Security 6.1 manual RSA Radius Server Overview, About RSA Radius Server September

Page 14

XCentralized configuration management (CCM) provides simplified configuration management and automatic data distribution for multi-server environments.

XAuthentication logs provide a complete audit trail of user authentication activity and administrative transactions.

XEncryption of communication between the RSA RADIUS Server and the RSA Authentication Manager prevents electronic eavesdropping.

RSA RADIUS Server Overview

RADIUS is an industry-standard protocol for providing authentication, authorization, and accounting services.

XAuthentication is the process of verifying a user’s identity and determining whether the user is allowed on the network.

XAuthorization is the process of controlling the network resources that the user can access on the protected network, such as privileges and time limits.

XAccounting is the process of generating log files that record statistics describing each connection session, used for billing, system diagnosis, and usage planning.

Figure 1 illustrates a simple RSA RADIUS authentication and authorization sequence using a TTLS/PAP tunnel to facilitate communication between the access client and the RSA RADIUS server.

Note that some access clients may be configured to use RSA Security EAP or Protected One-Time Password (POTP) instead of a TTLS/PAP tunnel. In such cases, the sequence of transactions is similar, though the communication mechanics are different.

Note also that the RSA RADIUS server and the RSA Authentication Manager can reside on the same network host or on different network hosts.

2

About RSA RADIUS Server

September 2005

Image 14

Contents RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index What’s In This Manual About This GuideAudience Syntax Conventions Vendor Information Related DocumentationRSA Radius Server Documentation Requests for Comments RFCsBefore You Call for Customer Support Getting Support and ServiceThird-Party Products RSA Radius Server Features About RSA Radius ServerRSA Radius Server Overview About RSA Radius Server SeptemberRSA Radius Authentication Radius Packets Radius Client Configuration Radius ConfigurationRadius Server Configuration Shared Secrets RadiusNode Secret Radius SecretReplication Secret Authentication Radius PortsAccounting Accounting Sequence Comma-Delimited Log FilesTunneled Accounting Vendor-Specific Attributes AttributesDictionaries Make/Model FieldUpdating Attribute Information Checklist AttributesAttribute Lists Multi-Valued Attributes Attribute ValuesReturn List Attributes System Assigned Values Default ValuesOrderable Attributes Echo PropertyCentralized Configuration Management Replacing a Replica Radius Server Designating a New Primary Radius ServerRecovering a Replica After a Failed Download Changing the Name or IP Address of a ServerRequired Files Installing the RSA Radius ServerBefore You Begin Data Migration/RegistrationInstalling on Windows System RequirementsInstalling the RSA Radius Server If you are installing a Replica RSA Radius Server, clickUninstalling the RSA Radius Server Software Installing on Solaris Installer SyntaxPath Installing the RSA Radius Server Software ReppkgEnter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Installing on Linux Linux Server System RequirementsShould be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Using RSA Radius Administrator Running RSA Radius AdministratorFile Menu Navigating in RSA Radius AdministratorRSA Radius Administrator Menus See , Administering Radius Clients on Panel MenuHelp Menu RSA Radius Administrator ToolbarWeb Menu RSA Radius Administrator Windows Adding an EntryEditing an Entry Sample Add WindowCutting/Copying/Pasting Records Sample Edit WindowChanging Column Sequence Using Context MenusResizing Columns Sorting InformationAdding a License Key Accessing Online HelpDisplaying Version Information Exiting the RSA Radius Administrator Add a License for Server WindowAdministering Radius Clients Radius Clients PanelAdding a Radius Client Add Radius Client WindowSecret to display the characters in the shared secret Verifying a Shared Secret Deleting a Radius ClientPage Administering Radius Clients September About Profiles Administering ProfilesAdding a Checklist or Return List Attribute for a Profile Default Profile Resolving Profile and User AttributesSetting Up Profiles Adding a ProfileClick Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Server Authentication Statistics Displaying StatisticsStatistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Displaying Server Accounting Statistics Statistics Panel System Accounting StatisticsAccounting Statistic Meaning Resetting Server Statistics Displaying Radius Client StatisticsOptionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Replication Panel Adding a Radius Server ManuallyAdd Server Window Enabling a Radius Server Deleting a Radius ServerPublishing Server Configuration Information Notifying Replica Radius ServersRecovering a Replica After a Failed Download Designating a New Primary Radius ServerChanging the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Logging Files Using the Radius System LogLogging Level of Logging Detail Controlling Log File SizeUsing the Accounting Log Accounting Log File FormatFirst Line Headings Comma PlaceholdersStandard Radius Accounting Attributes Acct-Status-TypeAcct-Input-Packets Ldap Configuration Interface File P e n d i x aAbout the Ldap Configuration Interface Ldap UtilitiesLdap Requests Downloading the Ldap UtilitiesConfiguring the Ldap TCP Port Ldap Version ComplianceLdap Virtual Schema Available AttributesLdap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Ldap Command Examples Searching for RecordsModifying Records Ldapmodify Option MeaningWhere Adding Records Deleting Records Stattype server Statistics VariablesCounter Statistics Stattype authentication Stattype accountingRate Statistics Using the Ldap Configuration Interface September Glossary AAADNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode