RSA Security 6.1 manual Accounting

Page 21

Table 1. RADIUS Authentication Messages and Attributes (Continued)

	Message Conditions	Purpose of Message Attributes

	When a RADIUS server authenticates a	Allow the RAS to complete access
	connection request, it returns a RADIUS	negotiations.
	Access-Accept to the RAS.	Configure connection details such as
		providing the RAS with an IP address it
		can assign to the user.
		Enforce time limits and other “class of
		service” restrictions on the connection.

	When a RADIUS server is unable to	Terminate access negotiations.
	authenticate a connection request, it	Identify the reason for the authorization
	returns an Access-Reject to the RAS.	Identify the reason for the authorization
	returns an Access-Reject to the RAS.	failure.
		failure.

	If initial authentication conditions are	Enable the RAS to prompt the user for
	met, but additional input is needed from	more authentication data.
	the user, the RADIUS server returns an	Complete the current Access-Request, so
	Access-Challenge to the RAS.	Complete the current Access-Request, so
	Access-Challenge to the RAS.	the RAS can issue a new one.
		the RAS can issue a new one.

Accounting

To understand the RSA RADIUS Server accounting sequence, you need an overview of RADIUS accounting messages. Table 2 describes the conditions under which each type of message is issued, and the purpose of any RADIUS attributes that a message contains.

Table 2. Message Conditions and Attributes

Message Conditions

Purpose of Message Attributes

Accounting data is sent from client to server using an Accounting-Request message. The client manufacturer decides which types of accounting requests are sent, and under which conditions. This table describes the most typical conditions.

The client ensures that the server receives accounting requests. Most clients retry periodically until the server responds.

Depending on the value of the Acct-Status-Type attribute, the message type is considered to be Start, Stop, Interim-Acct, Accounting-On, or Accounting-Off.

RSA RADIUS Server 6.1 Administrator’s Guide

About RSA RADIUS Server

9

Image 21

Contents RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index About This Guide AudienceWhat’s In This Manual Syntax Conventions RSA Radius Server Documentation Related DocumentationVendor Information Requests for Comments RFCsGetting Support and Service Third-Party ProductsBefore You Call for Customer Support About RSA Radius Server RSA Radius Server FeaturesAbout RSA Radius Server September RSA Radius Server OverviewRSA Radius Authentication Radius Packets Radius Configuration Radius Server ConfigurationRadius Client Configuration Radius Shared SecretsRadius Secret Replication SecretNode Secret Radius Ports AuthenticationAccounting Comma-Delimited Log Files Accounting SequenceTunneled Accounting Dictionaries AttributesVendor-Specific Attributes Make/Model FieldChecklist Attributes Attribute ListsUpdating Attribute Information Attribute Values Return List AttributesMulti-Valued Attributes Orderable Attributes Default ValuesSystem Assigned Values Echo PropertyCentralized Configuration Management Designating a New Primary Radius Server Replacing a Replica Radius ServerChanging the Name or IP Address of a Server Recovering a Replica After a Failed DownloadBefore You Begin Installing the RSA Radius ServerRequired Files Data Migration/RegistrationSystem Requirements Installing on WindowsIf you are installing a Replica RSA Radius Server, click Installing the RSA Radius ServerUninstalling the RSA Radius Server Software Installer Syntax Installing on SolarisPath Reppkg Installing the RSA Radius Server SoftwareEnter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Linux Server System Requirements Installing on LinuxShould be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Running RSA Radius Administrator Using RSA Radius AdministratorNavigating in RSA Radius Administrator RSA Radius Administrator MenusFile Menu Panel Menu See , Administering Radius Clients onRSA Radius Administrator Toolbar Web MenuHelp Menu Adding an Entry RSA Radius Administrator WindowsSample Add Window Editing an EntrySample Edit Window Cutting/Copying/Pasting RecordsResizing Columns Using Context MenusChanging Column Sequence Sorting InformationAccessing Online Help Displaying Version InformationAdding a License Key Add a License for Server Window Exiting the RSA Radius AdministratorRadius Clients Panel Administering Radius ClientsAdd Radius Client Window Adding a Radius ClientSecret to display the characters in the shared secret Deleting a Radius Client Verifying a Shared SecretPage Administering Radius Clients September Administering Profiles Adding a Checklist or Return List Attribute for a ProfileAbout Profiles Resolving Profile and User Attributes Default ProfileAdding a Profile Setting Up ProfilesClick Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Statistics Displaying Server Authentication StatisticsStatistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Statistics Panel System Accounting Statistics Displaying Server Accounting StatisticsAccounting Statistic Meaning Displaying Radius Client Statistics Resetting Server StatisticsOptionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Adding a Radius Server Manually Replication PanelAdd Server Window Deleting a Radius Server Enabling a Radius ServerNotifying Replica Radius Servers Publishing Server Configuration InformationDesignating a New Primary Radius Server Recovering a Replica After a Failed DownloadChanging the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Using the Radius System Log LoggingLogging Files Controlling Log File Size Level of Logging DetailAccounting Log File Format Using the Accounting LogComma Placeholders First Line HeadingsAcct-Status-Type Standard Radius Accounting AttributesAcct-Input-Packets P e n d i x a Ldap Configuration Interface FileLdap Utilities About the Ldap Configuration InterfaceDownloading the Ldap Utilities Ldap RequestsLdap Version Compliance Configuring the Ldap TCP PortAvailable Attributes Ldap Virtual SchemaLdap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Searching for Records Ldap Command ExamplesLdapmodify Option Meaning Modifying RecordsWhere Adding Records Deleting Records Statistics Variables Counter StatisticsStattype server Stattype accounting Stattype authenticationRate Statistics Using the Ldap Configuration Interface September AAA GlossaryDNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode