RSA Security 3.6.0 manual RSA SecurID Authentication Command Examples, RSA SecurID sdconf.rec

Page 5

RSA SecurID Authentication Command Examples

This section provides examples of all of the commands that are used to specify settings for the RSA Authentication Manager servers.

AAA:0 >>securid primary authentication server address 10.242.131.11 AAA:0 >>securid authentication port 4500

AAA:0 >>securid primary authentication server name bigsky1.com AAA:0 >>securid authentication encryption des

AAA:0 >>securid authentication retransmit 7 AAA:0 >>securid authentication timeout 3

AAA:0 >>securid authentication version version_5

Note: *If you do not specify a UDP port, retransmit value, timeout, version, encryption, or name for the RSA Authentication Manager server, the LX unit will use the default values for these settings.

RSA SecurID Local Subscriber Feature

Under the RSA Authentication Manager Local Subscriber Feature, a subscriber can be logged on in one of two ways:

As an LX subscriber with the attributes of that subscriber (if the LX subscriber account exists)

Or, if the LX subscriber account does not exist, as the default (InReach) subscriber.

Under either scenario, the subscriber must have an account on the RSA Authentication Manager server. If the subscriber account also exists on the LX unit, the subscriber is logged on under that account and given the attributes of that account. If the subscriber account does not exist on the LX unit, the subscriber is logged on under his RSA Authentication Manager account with the attributes of the default (InReach) account.

Use the securid local subscriber enable command to configure the RSA Authentication Manager Local Subscriber Feature for the LX unit; for example:

AAA:0 >>securid local subscriber enable

When the RSA Authentication Manager Local Subscriber Feature is set to only, the subscriber can only be logged in if the subscriber account is configured on both the LX unit and the RSA Authentication Manager server and the subscriber account on the LX server has the same name as the subscriber account on the RSA Authentication Manager server.

Use the securid local subscriber only command to set the RSA Authentication Manager Local Subscriber Feature to only; for example:

AAA:0 >>securid local subscriber only

RSA SecurID sdconf.rec

The LX software now supports the import of sdconf.rec files. To use the sdconf.rec file, download it into the LX / config directory. If this file is present on the LX, the RSA Authentication Manager system characteristics included within the sdconf.rec file will be used, and configuration of the RSA Authentication Manager attributes will be blocked at the CLI command level.

To download the sdconf.rec file:

1.Go to the shell.

2.Change to the directory cd / config directory.

3.From /config, perform an FTP and retrieve the sdconf.rec file.

5

Image 5
Contents Product Information Partner InformationProduct Requirements Solution SummaryAgent Host Configuration Setting Up RSA SecurID Authentication Command Line Interface Partner Authentication Agent ConfigurationRSA SecurID sdconf.rec RSA SecurID Authentication Command ExamplesRSA SecurID Local Subscriber Feature Setting Up RSA SecurID Authentication Web Interface Page Setting Up Radius Command Line Interface Setting Up Radius Web Interface Page TACACS+ Primary Authentication Server Commands Setting Up TACACS+TACACS+ Primary Accounting Server Commands TACACS+ Secondary Authentication Server CommandsSetting Up TACACS+ Web Interface Page LX Series Certification ChecklistMandatory Functionality RSA Native Protocol Radius Protocol Additional Functionality