November
Americas Headquarters
Installing and Configuring Cisco Access Registrar
Cisco Systems, Inc 170 West Tasman Drive San Jose, CA
Installing and Configuring Cisco Access Registrar
Copyright 2007 Cisco Systems, Inc. All rights reserved
Cisco.com
C O N T E N T S
Overview
License Slabs
3-12
Using pkgrm to Remove Cisco Access Registrar Solaris Software
3-11
3-12
Installing Cisco Access Registrar Software from CD-ROM
Using aregcmd
Creating a RemoteServer
Creating and Setting Group Membership
Using a Script to Determine Service
Contents
Configuring Session Management
Configuring Session Management
Installing and Configuring Cisco Access Registrar
OL-17221-02
viii
Contents Installing and Configuring Cisco Access Registrar
Cisco.com
About This Guide
Obtaining Documentation
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Documentation Feedback
For Emergencies only - security-alert@cisco.com
http//tools.cisco.com/RPF/register/register.do
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
xiii
OL-17221-02
Installing and Configuring Cisco Access Registrar
About This Guide
Overview
Installation Dialog Overview
Installation Type
C H A P T E R
Java 2 Runtime Environment
Installation Location
License File Location
Open Database Connectivity
Continue with Installation
Downloading Cisco Access Registrar Software
Example Configuration
Base Directory
Cisco Access Registrar 4.2 Licensing
CSCOar-4.2.1-sol10-k9.tar.gz for Solaris
Product
Getting Cisco Access Registrar 4.2 License
License Slabs
Description
Sample License File
Installing Cisco Access Registrar 4.2 Licenses
Adding Additional Cisco Access Registrar 4.2 Licenses
opt/CSCOar/bin/arserver restart
Launching aregcmd
aregcmd Command-Line Option
Displaying License Information
aregcmd -l directoryname
OL-17221-02
Chapter 1 Overview Cisco Access Registrar 4.2 Licensing
Installing and Configuring Cisco Access Registrar
Installing the Cisco Access Registrar 4.2 License File, page
Installing Cisco Access Registrar
Installing the Cisco Access Registrar 4.2 License File
Installing Cisco Access Registrar 4.2 Software on Solaris, page
Installing Downloaded Software
Deciding Where to Install
Installing Cisco Access Registrar Software from CD-ROM
Deciding Where to Install
zcat CSCOar-4.2.1-sol9-K9.tar.gz tar xvf
Common Solaris Installation Steps
Step 5 Proceed to Common Solaris Installation Steps
pkgadd -d /tmp CSCOar
Step 9 Enter the directory or mount point where the J2RE is installed
Chapter 2 Installing Cisco Access Registrar
Step 13 Enter Y to install the setuid/setgid files
Step 14 Enter Y to continue with the software installation
Installing Cisco Access Registrar 4.2 Software on Solaris
Configuring SNMP
Installing Cisco Access Registrar 4.2 Software on Linux
Installing Cisco Access Registrar on LDoms
RPC Bind Services
chmod 777 CSCOar-4.2.1-lnx26-install-K9.sh
Common Linux Installation Steps
cp CSCOar-4.2.1-lnx26-install-K9.sh /tmp
cd /cdrom/cdrom0/kit/linux-2.4
Build Host spencer.cnslab.cisco.com
CSCOar-4.2.1-lnx26-install-k9.sh
Build Date Mon Nov 03 235551
Copyright C
Installing Cisco Access Registrar 4.2 Software on Linux
Configuring SNMP
Chapter 2 Installing Cisco Access Registrar
Installing and Configuring Cisco Access Registrar
Installing Cisco Access Registrar 4.2 Software on Linux
2-10
Chapter 2 Installing Cisco Access Registrar
Installing and Configuring Cisco Access Registrar
Linux Software Upgrade Overview, page Software Upgrade Tasks, page
Solaris Software Upgrade Overview
Solaris Software Upgrade Overview, page
Installing the Cisco Access Registrar License File, page
cd /opt mv AICar1 CSCOar
Linux Software Upgrade Overview
See Using pkgrm to Remove Cisco Access Registrar Solaris Software
etc/init.d/arserver restart
cd /radius/replication
Software Upgrade Tasks
Disabling Replication
etc/init.d/arserver restart
pkgrm AICar1
Using pkgrm to Remove Cisco Access Registrar Solaris Software
Removing the AICar1 Package
Chapter 3 Upgrading Cisco Access Registrar Software
Removing the CSCOar Package
pkgrm CSCOar
Software Upgrade Tasks
Using uninstall-ar to Remove Linux Software
cd /opt/CSCOar/bin uninstall-ar
Deciding Where to Install, page
Installing the Cisco Access Registrar License File
Upgrading Cisco Access Registrar Solaris Software
Installing Cisco Access Registrar Software from CD-ROM, page
Installing Downloaded Software
zcat CSCOar-4.2.1-sol9-k9.tar.gz tar xf
Installing Cisco Access Registrar Software from CD-ROM
Common Solaris Installation Steps
Step 1 For a full install, press Enter
Step 9 Enter Y to install the setuid/setgid files
3-10
Step 7 Enter the administrator userID and password
Step 10 Enter Y to continue with the software installation
Configuring SNMP
Back-up Copy of Original Configuration
3-11
If you choose not to use the SNMP features of CAR, the installation process is completed. To use SNMP features, complete the configuration procedure described in Configuring SNMP
3-12
VSA Update Script
Removing Old VSA Names
Common Linux Installation Steps, page
Upgrading Cisco Access Registrar Linux Software
Using uninstall-ar to Remove Linux Software, page
opt/CSCOar/data
cd /opt/CSCOar/bin arserver stop
uninstall-ar
cp CSCOar-4.2.1-lnx26-install-k9.sh /tmp
cd /cdrom/cdrom0/kit/linux-2.6
3-15
chmod 777 CSCOar-4.2.1-lnx26-install-k9.sh
CSCOar-4.2.1-lnx26-install-K9.sh
Common Linux Installation Steps
3-16
directory where it is installed
opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/ssl-howto.html
Backup Copy of Original Configuration
3-17
Preparing
Chapter 3 Upgrading Cisco Access Registrar Software
3-18
VSA Update Script
Upgrading Cisco Access Registrar Linux Software
3-19
Configuring SNMP
Restarting Replication
Configuring SNMP
Installing and Configuring Cisco Access Registrar
3-20
Chapter 3 Upgrading Cisco Access Registrar Software
Restarting Replication
General Command Syntax
Configuring Cisco Access Registrar
Using aregcmd
Using aregcmd, page Configuring a Basic Site, page
Running aregcmd
Configuring a Basic Site
aregcmd Commands
cd admin
Changing the Administrator’s Password
cd //localhost/Administrators
set Password
cd /Administrators
Configuring the RADIUS Server
Creating Additional Administrators
add jane testadmin
Selecting Ports to Use
Checking the System-Level Defaults
set DefaultSessionManager
Checking the Server’s Health
cd /Radius/Advanced/Ports
Displaying the UserLists
Step 1 Change directory to /Radius/Advanced/Ports
add add ls
ls -R
Displaying the Default UserList
Adding Users to UserLists
add jane
Displaying UserGroups
set password jane
cd /Radius/UserLists/Default delete beth
Deleting Users
cd /Radius/Clients
Configuring Clients
Adding a NAS
add QuickExampleNAS
set IncomingScript ParseServiceHints EnableDynamicAuthorization TRUE
Configuring Profiles
Setting RADIUS Attributes
EnableNotifications TRUE
Saving and Reloading
Validating and Using Your Changes
Adding Multiple Cisco AV Pairs
set Framed-Routing 192.168.1.0/24
radclient -s
Testing Your Configuration
Using radclient
simple john john
Setting the Trace Level
Configuring Accounting
Troubleshooting Your Configuration
p001 send
Stopping the Master Agent
Enabling SNMP in the Cisco Access Registrar Server
set Enabled TRUE
aregcmd cd /Radius/Advanced/SNMP
opt/CSCOar/bin/arserver stop
Access Control
Modifying the snmpd.conf File
4-15
Trap Recipient
Configuring Dynamic DNS
Restarting the Master Agent
System Contact Information
cd /Radius/RemoteServers add ddns
cd /Radius/Advanced/DDNS/TSIGKeys add foo.com
cd foo.com set Secret base64-encoded string
cd ddns set Protocol dynamic-dns
set ForwardZoneTSIGKey foo.com set ReverseZoneTSIGKey foo.com
Testing Dynamic DNS with radclient
set IPAddress 10.10.10.1 ip address of primary dns server for zone
cd /Radius/ResourceManagers add ddns
acctrequest Start username
cd /opt/CSCOar/bin aregcmd
trace Step 3 Launch radclient cd /opt/CSCOar/bin radclient
set p acctrequest Start bob
Installing and Configuring Cisco Access Registrar
4-20
Chapter 4 Configuring Cisco Access Registrar Configuring Dynamic DNS
OL-17221-02
Configuring Specific Groups
Customizing Your Configuration
Configuring Groups
C H A P T E R
cd /Radius/UserLists/Default/jean
Creating and Setting Group Membership
add PPP-users Users who always connect using PPP default-PPP-users
Object
cd /Radius/UserGroups/Default
Configuring a Default Group
Using a Script to Determine Service
set AuthorizationScript AuthorizeService
save
Configuring Multiple UserLists
set Group Default
reload
Creating Separate UserLists
Configuring Separate UserLists
Configuring Users
Populating UserLists
cd /Radius/Services
Configuring Services
Creating Separate Services
cd /Radius/Services/North-users
Choosing the Scripting Point
Configuring the Script
Client Scripting
cd /Radius
add ParseUserName Rex libParseUserName.so ParseUserName
Configuring a Remote Server for AA
Handling Multiple Scripts
Save tcl scripts in the directory /opt/CSCOar/scripts/radius/tcl
cd /Radius/RemoteServers
Configuring the Remote Server
Creating a RemoteServer
add QuickExample
set Port
set UserPasswordAttribute password
set protocol ldap
5-10
set type ldap
Creating Services
add remote-ldap Remote LDAP Service
5-11
set DefaultAuthentication remote-ldap
Configuring Multiple Remote Servers
Changing the Authentication and Authorization Defaults
set DefaultAuthorization remote-ldap
add North
Configuring Two Remote Servers
Creating RemoteServers
5-13
set protocol radius
Creating the Services
cd /Radius/RemoteServers/North
set SharedSecret
Configuring the Script
set IncomingScript ParseRemoteServers
5-15
Choosing the Scripting Point
Creating a Resource Manager
Configuring Session Management
Configuring a Resource Manager
5-16
cd /Radius/ResourceManagers
Configuring a Session Manager
Creating a Session Manager
add rm-100
set 1 rm-100
Configuring Session Management
Enabling Session Management
5-18
IN-1
Symbols
I N D E
Java 2 Platform
IN-2
Failover policy
IN-3
IN-4