RSA Security 6.1 manual Radius Packets

Page 16

If the user ID is not found or if the passcode is not appropriate for the specified user, the RSA Authentication Manager returns a message indicating the passcode is not accepted (6b).

7If the RSA RADIUS server receives a message indicating the passcode is accepted, it forwards a RADIUS Access-Accept message to the RAS (7a).

Z If the RSA Authentication Manager specified a profile name with the accept message, the RSA RADIUS server sends the return list attributes associated with that profile to the RAS.

Z If the RSA Authentication Manager did not specify a profile name with the accept message, the RSA RADIUS server sends the return list attributes associated with the default profile to the RAS.

For example, the Access-Accept message might specify that the access client must use a specific IP address or be connected to a specific VLAN on the network.

If the RSA RADIUS server receives a message indicating the passcode is rejected, it forwards a RADIUS Access-Reject message to the RAS (7b).

NOTE: If the user requesting the network connection is in New Pin mode or New Token mode (not shown), the RSA Authentication Manager sends a message asking for more information, which the RSA RADIUS server forwards to the user. When the user responds with values the

RSA RADIUS server can accept, the authentication sequence continues.

8Depending on what information the RAS receives from the RSA RADIUS server, the RAS accepts and configures the user connection or rejects the user connection.

9Based on the information it receives from the RSA RADIUS server, the RAS grants or denies the connection request.

After the user is authenticated and the connection established, the RAS might forward accounting data to the RSA RADIUS server to document the transaction; the RSA RADIUS server can store or forward this data to support billing for services provided during the network connection.

RADIUS Packets

A RADIUS client and a RADIUS server communicate by means of RADIUS packets. RADIUS packets carry messages between the RADIUS client and RADIUS server in a series of request and response transactions: the client sends a request and expects a response from the server. If the response does not arrive, the client can retry the request periodically.

4

About RSA RADIUS Server

September 2005

Image 16

Contents RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index Audience About This GuideWhat’s In This Manual Syntax Conventions Related Documentation RSA Radius Server DocumentationVendor Information Requests for Comments RFCsThird-Party Products Getting Support and ServiceBefore You Call for Customer Support RSA Radius Server Features About RSA Radius ServerRSA Radius Server Overview About RSA Radius Server SeptemberRSA Radius Authentication Radius Packets Radius Server Configuration Radius ConfigurationRadius Client Configuration Shared Secrets RadiusReplication Secret Radius SecretNode Secret Authentication Radius PortsAccounting Accounting Sequence Comma-Delimited Log FilesTunneled Accounting Attributes DictionariesVendor-Specific Attributes Make/Model FieldAttribute Lists Checklist AttributesUpdating Attribute Information Return List Attributes Attribute ValuesMulti-Valued Attributes Default Values Orderable AttributesSystem Assigned Values Echo PropertyCentralized Configuration Management Replacing a Replica Radius Server Designating a New Primary Radius ServerRecovering a Replica After a Failed Download Changing the Name or IP Address of a ServerInstalling the RSA Radius Server Before You BeginRequired Files Data Migration/RegistrationInstalling on Windows System RequirementsInstalling the RSA Radius Server If you are installing a Replica RSA Radius Server, clickUninstalling the RSA Radius Server Software Installing on Solaris Installer SyntaxPath Installing the RSA Radius Server Software ReppkgEnter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Installing on Linux Linux Server System RequirementsShould be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Using RSA Radius Administrator Running RSA Radius AdministratorRSA Radius Administrator Menus Navigating in RSA Radius AdministratorFile Menu See , Administering Radius Clients on Panel MenuWeb Menu RSA Radius Administrator ToolbarHelp Menu RSA Radius Administrator Windows Adding an EntryEditing an Entry Sample Add WindowCutting/Copying/Pasting Records Sample Edit WindowUsing Context Menus Resizing ColumnsChanging Column Sequence Sorting InformationDisplaying Version Information Accessing Online HelpAdding a License Key Exiting the RSA Radius Administrator Add a License for Server WindowAdministering Radius Clients Radius Clients PanelAdding a Radius Client Add Radius Client WindowSecret to display the characters in the shared secret Verifying a Shared Secret Deleting a Radius ClientPage Administering Radius Clients September Adding a Checklist or Return List Attribute for a Profile Administering ProfilesAbout Profiles Default Profile Resolving Profile and User AttributesSetting Up Profiles Adding a ProfileClick Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Server Authentication Statistics Displaying StatisticsStatistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Displaying Server Accounting Statistics Statistics Panel System Accounting StatisticsAccounting Statistic Meaning Resetting Server Statistics Displaying Radius Client StatisticsOptionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Replication Panel Adding a Radius Server ManuallyAdd Server Window Enabling a Radius Server Deleting a Radius ServerPublishing Server Configuration Information Notifying Replica Radius ServersRecovering a Replica After a Failed Download Designating a New Primary Radius ServerChanging the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Logging Using the Radius System LogLogging Files Level of Logging Detail Controlling Log File SizeUsing the Accounting Log Accounting Log File FormatFirst Line Headings Comma PlaceholdersStandard Radius Accounting Attributes Acct-Status-TypeAcct-Input-Packets Ldap Configuration Interface File P e n d i x aAbout the Ldap Configuration Interface Ldap UtilitiesLdap Requests Downloading the Ldap UtilitiesConfiguring the Ldap TCP Port Ldap Version ComplianceLdap Virtual Schema Available AttributesLdap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Ldap Command Examples Searching for RecordsModifying Records Ldapmodify Option MeaningWhere Adding Records Deleting Records Counter Statistics Statistics VariablesStattype server Stattype authentication Stattype accountingRate Statistics Using the Ldap Configuration Interface September Glossary AAADNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode