Installing and Configuring Cisco Access Registrar
Americas Headquarters
November
Cisco Systems, Inc 170 West Tasman Drive San Jose, CA
Copyright 2007 Cisco Systems, Inc. All rights reserved
Installing and Configuring Cisco Access Registrar
Overview
C O N T E N T S
Cisco.com
License Slabs
3-11
Using pkgrm to Remove Cisco Access Registrar Solaris Software
3-12
3-12
Using aregcmd
Installing Cisco Access Registrar Software from CD-ROM
Creating and Setting Group Membership
Using a Script to Determine Service
Creating a RemoteServer
Configuring Session Management
Configuring Session Management
Contents
Installing and Configuring Cisco Access Registrar
viii
Contents Installing and Configuring Cisco Access Registrar
OL-17221-02
About This Guide
Obtaining Documentation
Cisco.com
Documentation Feedback
Reporting Security Problems in Cisco Products
Cisco Product Security Overview
For Emergencies only - security-alert@cisco.com
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
http//tools.cisco.com/RPF/register/register.do
Definitions of Service Request Severity
Submitting a Service Request
xiii
Obtaining Additional Publications and Information
Installing and Configuring Cisco Access Registrar
About This Guide
OL-17221-02
Installation Type
Installation Dialog Overview
Overview
C H A P T E R
License File Location
Installation Location
Java 2 Runtime Environment
Open Database Connectivity
Example Configuration
Downloading Cisco Access Registrar Software
Continue with Installation
Base Directory
CSCOar-4.2.1-sol10-k9.tar.gz for Solaris
Cisco Access Registrar 4.2 Licensing
License Slabs
Getting Cisco Access Registrar 4.2 License
Product
Description
Adding Additional Cisco Access Registrar 4.2 Licenses
Installing Cisco Access Registrar 4.2 Licenses
Sample License File
opt/CSCOar/bin/arserver restart
Displaying License Information
aregcmd Command-Line Option
Launching aregcmd
aregcmd -l directoryname
Chapter 1 Overview Cisco Access Registrar 4.2 Licensing
Installing and Configuring Cisco Access Registrar
OL-17221-02
Installing the Cisco Access Registrar 4.2 License File
Installing Cisco Access Registrar
Installing the Cisco Access Registrar 4.2 License File, page
Installing Cisco Access Registrar 4.2 Software on Solaris, page
Installing Cisco Access Registrar Software from CD-ROM
Deciding Where to Install
Installing Downloaded Software
Deciding Where to Install
Step 5 Proceed to Common Solaris Installation Steps
Common Solaris Installation Steps
zcat CSCOar-4.2.1-sol9-K9.tar.gz tar xvf
pkgadd -d /tmp CSCOar
Step 9 Enter the directory or mount point where the J2RE is installed
Step 14 Enter Y to continue with the software installation
Step 13 Enter Y to install the setuid/setgid files
Chapter 2 Installing Cisco Access Registrar
Installing Cisco Access Registrar 4.2 Software on Solaris
Installing Cisco Access Registrar on LDoms
Installing Cisco Access Registrar 4.2 Software on Linux
Configuring SNMP
RPC Bind Services
cp CSCOar-4.2.1-lnx26-install-K9.sh /tmp
Common Linux Installation Steps
chmod 777 CSCOar-4.2.1-lnx26-install-K9.sh
cd /cdrom/cdrom0/kit/linux-2.4
Build Date Mon Nov 03 235551
CSCOar-4.2.1-lnx26-install-k9.sh
Build Host spencer.cnslab.cisco.com
Copyright C
Chapter 2 Installing Cisco Access Registrar
Configuring SNMP
Installing Cisco Access Registrar 4.2 Software on Linux
Installing and Configuring Cisco Access Registrar
Chapter 2 Installing Cisco Access Registrar
2-10
Installing Cisco Access Registrar 4.2 Software on Linux
Installing and Configuring Cisco Access Registrar
Solaris Software Upgrade Overview, page
Solaris Software Upgrade Overview
Linux Software Upgrade Overview, page Software Upgrade Tasks, page
Installing the Cisco Access Registrar License File, page
See Using pkgrm to Remove Cisco Access Registrar Solaris Software
Linux Software Upgrade Overview
cd /opt mv AICar1 CSCOar
etc/init.d/arserver restart
Disabling Replication
Software Upgrade Tasks
cd /radius/replication
etc/init.d/arserver restart
Using pkgrm to Remove Cisco Access Registrar Solaris Software
Removing the AICar1 Package
pkgrm AICar1
pkgrm CSCOar
Removing the CSCOar Package
Chapter 3 Upgrading Cisco Access Registrar Software
Software Upgrade Tasks
cd /opt/CSCOar/bin uninstall-ar
Using uninstall-ar to Remove Linux Software
Upgrading Cisco Access Registrar Solaris Software
Installing the Cisco Access Registrar License File
Deciding Where to Install, page
Installing Cisco Access Registrar Software from CD-ROM, page
Installing Cisco Access Registrar Software from CD-ROM
zcat CSCOar-4.2.1-sol9-k9.tar.gz tar xf
Installing Downloaded Software
Common Solaris Installation Steps
Step 1 For a full install, press Enter
Step 7 Enter the administrator userID and password
3-10
Step 9 Enter Y to install the setuid/setgid files
Step 10 Enter Y to continue with the software installation
3-11
Back-up Copy of Original Configuration
Configuring SNMP
If you choose not to use the SNMP features of CAR, the installation process is completed. To use SNMP features, complete the configuration procedure described in Configuring SNMP
VSA Update Script
Removing Old VSA Names
3-12
Using uninstall-ar to Remove Linux Software, page
Upgrading Cisco Access Registrar Linux Software
Common Linux Installation Steps, page
opt/CSCOar/data
cp CSCOar-4.2.1-lnx26-install-k9.sh /tmp
uninstall-ar
cd /opt/CSCOar/bin arserver stop
cd /cdrom/cdrom0/kit/linux-2.6
CSCOar-4.2.1-lnx26-install-K9.sh
chmod 777 CSCOar-4.2.1-lnx26-install-k9.sh
3-15
Common Linux Installation Steps
directory where it is installed
3-16
3-17
Backup Copy of Original Configuration
opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/ssl-howto.html
Preparing
VSA Update Script
3-18
Chapter 3 Upgrading Cisco Access Registrar Software
Upgrading Cisco Access Registrar Linux Software
Restarting Replication
Configuring SNMP
3-19
Configuring SNMP
Chapter 3 Upgrading Cisco Access Registrar Software
3-20
Installing and Configuring Cisco Access Registrar
Restarting Replication
Using aregcmd
Configuring Cisco Access Registrar
General Command Syntax
Using aregcmd, page Configuring a Basic Site, page
Configuring a Basic Site
aregcmd Commands
Running aregcmd
cd //localhost/Administrators
Changing the Administrator’s Password
cd admin
set Password
Creating Additional Administrators
Configuring the RADIUS Server
cd /Administrators
add jane testadmin
set DefaultSessionManager
Checking the System-Level Defaults
Selecting Ports to Use
Checking the Server’s Health
Step 1 Change directory to /Radius/Advanced/Ports
Displaying the UserLists
cd /Radius/Advanced/Ports
add add ls
Adding Users to UserLists
Displaying the Default UserList
ls -R
add jane
cd /Radius/UserLists/Default delete beth
set password jane
Displaying UserGroups
Deleting Users
Adding a NAS
Configuring Clients
cd /Radius/Clients
add QuickExampleNAS
Setting RADIUS Attributes
Configuring Profiles
set IncomingScript ParseServiceHints EnableDynamicAuthorization TRUE
EnableNotifications TRUE
Adding Multiple Cisco AV Pairs
Validating and Using Your Changes
Saving and Reloading
set Framed-Routing 192.168.1.0/24
Using radclient
Testing Your Configuration
radclient -s
simple john john
Troubleshooting Your Configuration
Configuring Accounting
Setting the Trace Level
p001 send
set Enabled TRUE
Enabling SNMP in the Cisco Access Registrar Server
Stopping the Master Agent
aregcmd cd /Radius/Advanced/SNMP
Modifying the snmpd.conf File
Access Control
opt/CSCOar/bin/arserver stop
4-15
Restarting the Master Agent
Configuring Dynamic DNS
Trap Recipient
System Contact Information
cd foo.com set Secret base64-encoded string
cd /Radius/Advanced/DDNS/TSIGKeys add foo.com
cd /Radius/RemoteServers add ddns
cd ddns set Protocol dynamic-dns
set IPAddress 10.10.10.1 ip address of primary dns server for zone
Testing Dynamic DNS with radclient
set ForwardZoneTSIGKey foo.com set ReverseZoneTSIGKey foo.com
cd /Radius/ResourceManagers add ddns
trace Step 3 Launch radclient cd /opt/CSCOar/bin radclient
cd /opt/CSCOar/bin aregcmd
acctrequest Start username
set p acctrequest Start bob
Chapter 4 Configuring Cisco Access Registrar Configuring Dynamic DNS
4-20
Installing and Configuring Cisco Access Registrar
OL-17221-02
Configuring Groups
Customizing Your Configuration
Configuring Specific Groups
C H A P T E R
add PPP-users Users who always connect using PPP default-PPP-users
Creating and Setting Group Membership
cd /Radius/UserLists/Default/jean
Object
Using a Script to Determine Service
Configuring a Default Group
cd /Radius/UserGroups/Default
set AuthorizationScript AuthorizeService
set Group Default
Configuring Multiple UserLists
save
reload
Configuring Users
Configuring Separate UserLists
Creating Separate UserLists
Populating UserLists
Creating Separate Services
Configuring Services
cd /Radius/Services
cd /Radius/Services/North-users
Client Scripting
Configuring the Script
Choosing the Scripting Point
cd /Radius
Handling Multiple Scripts
Configuring a Remote Server for AA
add ParseUserName Rex libParseUserName.so ParseUserName
Save tcl scripts in the directory /opt/CSCOar/scripts/radius/tcl
Creating a RemoteServer
Configuring the Remote Server
cd /Radius/RemoteServers
add QuickExample
set protocol ldap
set UserPasswordAttribute password
set Port
5-10
add remote-ldap Remote LDAP Service
Creating Services
set type ldap
5-11
Changing the Authentication and Authorization Defaults
Configuring Multiple Remote Servers
set DefaultAuthentication remote-ldap
set DefaultAuthorization remote-ldap
Creating RemoteServers
Configuring Two Remote Servers
add North
5-13
cd /Radius/RemoteServers/North
Creating the Services
set protocol radius
set SharedSecret
5-15
set IncomingScript ParseRemoteServers
Configuring the Script
Choosing the Scripting Point
Configuring a Resource Manager
Configuring Session Management
Creating a Resource Manager
5-16
Creating a Session Manager
Configuring a Session Manager
cd /Radius/ResourceManagers
add rm-100
Enabling Session Management
Configuring Session Management
set 1 rm-100
5-18
Symbols
I N D E
IN-1
IN-2
Failover policy
Java 2 Platform
IN-3
IN-4