radiusstatus= acct_stats_by_nas

radiusstatus=

acct_stats_by_nasipaddr

cn=<monitor>

 

 

 

 

 

 

 

 

 

nasname=

 

 

 

nasipaddr=

 

<nas-name>

 

 

 

<nas-ip-addr>

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Available Attributes: nasname <name> nasipaddr <name start <number> stop <number> interim <number> on <number>

off <number> invalid-shared-secret <number>

Available Attributes: dn <string> version <string> threads <number> connection <string> currentconnections <number> totalconnections <number> dtablesize <number> writewaiters <number> readwaiters <number> opsinitiated <number> opscompleted <number> entriessent <number> bytessent <number> currenttime <time> starttime <time> nbackends <number>

Figure 29 LDAP Schema (Slide 4 of 4)

While the LDAP virtual schema diagram shows as much of the detail of the LDAP virtual schema as possible, the following rules and limitations should be considered.

XBind request – All attempts to perform operations on the virtual schema must be preceded by an LDAP Bind request that authenticates the administrator to the RSA RADIUS Server. The Bind request must reference an RSA RADIUS Server administrative account and must provide the password that authenticates that account. This translates into the following command line options for each invocation of the LDAP utilities:

-D "cn=username,o=radius" -w { passcode cachedPW }

where username is the user account name, passcode is the RSA passcode associated with the user, and cachedPW is the user’s cached password.

XUppercase and lowercase – The uppercase/lowercase rules for object names are the same as in the RSA RADIUS Administrator application; almost all object names are stored in the database in uppercase format.

XAttributes – The LDAP virtual schema diagram does not explicitly list all the dictionary attributes that are available in the latest version of

RSA RADIUS Server. The rules for entering dictionary attributes are that the attribute name must match the name found in the dictionary and the syntax type determines what is allowed for the attribute's value.

88

Using the LDAP Configuration Interface

September 2005

Page 100
Image 100
RSA Security 6.1 manual Cn=username,o=radius -w passcode cachedPW