Americas Headquarters
Installing and Configuring Cisco Access Registrar
November
Cisco Systems, Inc 170 West Tasman Drive San Jose, CA
Installing and Configuring Cisco Access Registrar
Copyright 2007 Cisco Systems, Inc. All rights reserved
C O N T E N T S
Overview
Cisco.com
License Slabs
Using pkgrm to Remove Cisco Access Registrar Solaris Software
3-11
3-12
3-12
Installing Cisco Access Registrar Software from CD-ROM
Using aregcmd
Creating a RemoteServer
Creating and Setting Group Membership
Using a Script to Determine Service
Configuring Session Management
Configuring Session Management
Contents
Installing and Configuring Cisco Access Registrar
OL-17221-02
viii
Contents Installing and Configuring Cisco Access Registrar
Cisco.com
About This Guide
Obtaining Documentation
Reporting Security Problems in Cisco Products
Documentation Feedback
Cisco Product Security Overview
For Emergencies only - security-alert@cisco.com
http//tools.cisco.com/RPF/register/register.do
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
xiii
OL-17221-02
Installing and Configuring Cisco Access Registrar
About This Guide
Installation Dialog Overview
Installation Type
Overview
C H A P T E R
Installation Location
License File Location
Java 2 Runtime Environment
Open Database Connectivity
Downloading Cisco Access Registrar Software
Example Configuration
Continue with Installation
Base Directory
Cisco Access Registrar 4.2 Licensing
CSCOar-4.2.1-sol10-k9.tar.gz for Solaris
Getting Cisco Access Registrar 4.2 License
License Slabs
Product
Description
Installing Cisco Access Registrar 4.2 Licenses
Adding Additional Cisco Access Registrar 4.2 Licenses
Sample License File
opt/CSCOar/bin/arserver restart
aregcmd Command-Line Option
Displaying License Information
Launching aregcmd
aregcmd -l directoryname
OL-17221-02
Chapter 1 Overview Cisco Access Registrar 4.2 Licensing
Installing and Configuring Cisco Access Registrar
Installing Cisco Access Registrar
Installing the Cisco Access Registrar 4.2 License File
Installing the Cisco Access Registrar 4.2 License File, page
Installing Cisco Access Registrar 4.2 Software on Solaris, page
Deciding Where to Install
Installing Cisco Access Registrar Software from CD-ROM
Installing Downloaded Software
Deciding Where to Install
Common Solaris Installation Steps
Step 5 Proceed to Common Solaris Installation Steps
zcat CSCOar-4.2.1-sol9-K9.tar.gz tar xvf
pkgadd -d /tmp CSCOar
Step 9 Enter the directory or mount point where the J2RE is installed
Step 13 Enter Y to install the setuid/setgid files
Step 14 Enter Y to continue with the software installation
Chapter 2 Installing Cisco Access Registrar
Installing Cisco Access Registrar 4.2 Software on Solaris
Installing Cisco Access Registrar 4.2 Software on Linux
Installing Cisco Access Registrar on LDoms
Configuring SNMP
RPC Bind Services
Common Linux Installation Steps
cp CSCOar-4.2.1-lnx26-install-K9.sh /tmp
chmod 777 CSCOar-4.2.1-lnx26-install-K9.sh
cd /cdrom/cdrom0/kit/linux-2.4
CSCOar-4.2.1-lnx26-install-k9.sh
Build Date Mon Nov 03 235551
Build Host spencer.cnslab.cisco.com
Copyright C
Configuring SNMP
Chapter 2 Installing Cisco Access Registrar
Installing Cisco Access Registrar 4.2 Software on Linux
Installing and Configuring Cisco Access Registrar
2-10
Chapter 2 Installing Cisco Access Registrar
Installing Cisco Access Registrar 4.2 Software on Linux
Installing and Configuring Cisco Access Registrar
Solaris Software Upgrade Overview
Solaris Software Upgrade Overview, page
Linux Software Upgrade Overview, page Software Upgrade Tasks, page
Installing the Cisco Access Registrar License File, page
Linux Software Upgrade Overview
See Using pkgrm to Remove Cisco Access Registrar Solaris Software
cd /opt mv AICar1 CSCOar
etc/init.d/arserver restart
Software Upgrade Tasks
Disabling Replication
cd /radius/replication
etc/init.d/arserver restart
pkgrm AICar1
Using pkgrm to Remove Cisco Access Registrar Solaris Software
Removing the AICar1 Package
Removing the CSCOar Package
pkgrm CSCOar
Chapter 3 Upgrading Cisco Access Registrar Software
Software Upgrade Tasks
Using uninstall-ar to Remove Linux Software
cd /opt/CSCOar/bin uninstall-ar
Installing the Cisco Access Registrar License File
Upgrading Cisco Access Registrar Solaris Software
Deciding Where to Install, page
Installing Cisco Access Registrar Software from CD-ROM, page
zcat CSCOar-4.2.1-sol9-k9.tar.gz tar xf
Installing Cisco Access Registrar Software from CD-ROM
Installing Downloaded Software
Common Solaris Installation Steps
Step 1 For a full install, press Enter
3-10
Step 7 Enter the administrator userID and password
Step 9 Enter Y to install the setuid/setgid files
Step 10 Enter Y to continue with the software installation
Back-up Copy of Original Configuration
3-11
Configuring SNMP
If you choose not to use the SNMP features of CAR, the installation process is completed. To use SNMP features, complete the configuration procedure described in Configuring SNMP
3-12
VSA Update Script
Removing Old VSA Names
Upgrading Cisco Access Registrar Linux Software
Using uninstall-ar to Remove Linux Software, page
Common Linux Installation Steps, page
opt/CSCOar/data
uninstall-ar
cp CSCOar-4.2.1-lnx26-install-k9.sh /tmp
cd /opt/CSCOar/bin arserver stop
cd /cdrom/cdrom0/kit/linux-2.6
chmod 777 CSCOar-4.2.1-lnx26-install-k9.sh
CSCOar-4.2.1-lnx26-install-K9.sh
3-15
Common Linux Installation Steps
3-16
directory where it is installed
Backup Copy of Original Configuration
3-17
opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/ssl-howto.html
Preparing
3-18
VSA Update Script
Chapter 3 Upgrading Cisco Access Registrar Software
Upgrading Cisco Access Registrar Linux Software
Configuring SNMP
Restarting Replication
3-19
Configuring SNMP
3-20
Chapter 3 Upgrading Cisco Access Registrar Software
Installing and Configuring Cisco Access Registrar
Restarting Replication
Configuring Cisco Access Registrar
Using aregcmd
General Command Syntax
Using aregcmd, page Configuring a Basic Site, page
Running aregcmd
Configuring a Basic Site
aregcmd Commands
Changing the Administrator’s Password
cd //localhost/Administrators
cd admin
set Password
Configuring the RADIUS Server
Creating Additional Administrators
cd /Administrators
add jane testadmin
Checking the System-Level Defaults
set DefaultSessionManager
Selecting Ports to Use
Checking the Server’s Health
Displaying the UserLists
Step 1 Change directory to /Radius/Advanced/Ports
cd /Radius/Advanced/Ports
add add ls
Displaying the Default UserList
Adding Users to UserLists
ls -R
add jane
set password jane
cd /Radius/UserLists/Default delete beth
Displaying UserGroups
Deleting Users
Configuring Clients
Adding a NAS
cd /Radius/Clients
add QuickExampleNAS
Configuring Profiles
Setting RADIUS Attributes
set IncomingScript ParseServiceHints EnableDynamicAuthorization TRUE
EnableNotifications TRUE
Validating and Using Your Changes
Adding Multiple Cisco AV Pairs
Saving and Reloading
set Framed-Routing 192.168.1.0/24
Testing Your Configuration
Using radclient
radclient -s
simple john john
Configuring Accounting
Troubleshooting Your Configuration
Setting the Trace Level
p001 send
Enabling SNMP in the Cisco Access Registrar Server
set Enabled TRUE
Stopping the Master Agent
aregcmd cd /Radius/Advanced/SNMP
Access Control
Modifying the snmpd.conf File
opt/CSCOar/bin/arserver stop
4-15
Configuring Dynamic DNS
Restarting the Master Agent
Trap Recipient
System Contact Information
cd /Radius/Advanced/DDNS/TSIGKeys add foo.com
cd foo.com set Secret base64-encoded string
cd /Radius/RemoteServers add ddns
cd ddns set Protocol dynamic-dns
Testing Dynamic DNS with radclient
set IPAddress 10.10.10.1 ip address of primary dns server for zone
set ForwardZoneTSIGKey foo.com set ReverseZoneTSIGKey foo.com
cd /Radius/ResourceManagers add ddns
cd /opt/CSCOar/bin aregcmd
trace Step 3 Launch radclient cd /opt/CSCOar/bin radclient
acctrequest Start username
set p acctrequest Start bob
4-20
Chapter 4 Configuring Cisco Access Registrar Configuring Dynamic DNS
Installing and Configuring Cisco Access Registrar
OL-17221-02
Customizing Your Configuration
Configuring Groups
Configuring Specific Groups
C H A P T E R
Creating and Setting Group Membership
add PPP-users Users who always connect using PPP default-PPP-users
cd /Radius/UserLists/Default/jean
Object
Configuring a Default Group
Using a Script to Determine Service
cd /Radius/UserGroups/Default
set AuthorizationScript AuthorizeService
Configuring Multiple UserLists
set Group Default
save
reload
Configuring Separate UserLists
Configuring Users
Creating Separate UserLists
Populating UserLists
Configuring Services
Creating Separate Services
cd /Radius/Services
cd /Radius/Services/North-users
Configuring the Script
Client Scripting
Choosing the Scripting Point
cd /Radius
Configuring a Remote Server for AA
Handling Multiple Scripts
add ParseUserName Rex libParseUserName.so ParseUserName
Save tcl scripts in the directory /opt/CSCOar/scripts/radius/tcl
Configuring the Remote Server
Creating a RemoteServer
cd /Radius/RemoteServers
add QuickExample
set UserPasswordAttribute password
set protocol ldap
set Port
5-10
Creating Services
add remote-ldap Remote LDAP Service
set type ldap
5-11
Configuring Multiple Remote Servers
Changing the Authentication and Authorization Defaults
set DefaultAuthentication remote-ldap
set DefaultAuthorization remote-ldap
Configuring Two Remote Servers
Creating RemoteServers
add North
5-13
Creating the Services
cd /Radius/RemoteServers/North
set protocol radius
set SharedSecret
set IncomingScript ParseRemoteServers
5-15
Configuring the Script
Choosing the Scripting Point
Configuring Session Management
Configuring a Resource Manager
Creating a Resource Manager
5-16
Configuring a Session Manager
Creating a Session Manager
cd /Radius/ResourceManagers
add rm-100
Configuring Session Management
Enabling Session Management
set 1 rm-100
5-18
IN-1
Symbols
I N D E
Java 2 Platform
IN-2
Failover policy
IN-3
IN-4