RSA Security 6.1 Adding Records

RSA RADIUS Server 6.1 Administrator’s Guide Using the LDAP Configuration Interface 93

The following syntax is valid if the same keyword applies throughout the

transaction:

dn: distinguished-name-of-entry

changetype: keyword

subkeyword: attribute

attribute: value

subkeyword: attribute

attribute: value

subkeyword: attribute

attribute: value

.

.

.

subkeyword: attribute entries are optional and indicate that you want to

apply the change to a specific attribute within the entry. If there are no

subkeyword: attribute entries in the transaction, the change applies to the

entire entry. For example, it is faster to delete an entire entry:

dn: radiusname=TINYCO.COM,radiusclass=client,o=radius

changetype: delete

but if you want to delete only a few attributes from the entry, you may do so:

dn: radiusname=TINYCO.COM,radiusclass=client,o=radius

changetype: delete

delete: acct-shared-secret

If the subkeyword is add or replace, an attribute: value entry must

appear immediately following the subkeyword: attribute entry. If the

subkeyword is delete, the attribute: value entry does not apply and

should be omitted.

Adding Records

You can populate an LDAP database by creating an LDIF file that imports entries

from one LDAP database into another. You can search the first database for the

entries you want, then add them to the second database. You can even use the

search operation to filter out attributes from the first database that you do not

want in the second database. You can search the first database using

ldapsearch. This creates an LDIF file which you can then input to

ldapmodify.

To import entries from one LDAP database into another, run the ldapsearch

command on the first database. Request only the attributes you want for the new

database. When ldapsearch completes processing, edit the output LDIF file.

After each line that begins with dn:, add a single line containing the text

Contents

Main Contact Information Copyright Trademarks Page Contents About This Guide Chapter 1 About RSA RADIUS Server Chapter 2 Installing the RSA RADIUS Server Chapter 3 Using RSA RADIUS Administrator Chapter 4 Administering RADIUS Clients Chapter 5 Administering Profiles Chapter 6 Displaying Statistics Chapter 7 Administering RADIUS Servers Chapter 8 Logging Appendix A Using the LDAP Configuration Interface Glossary Index About This Guide Audience Whats In This Manual Syntax Conventions Related Documentation RSA RADIUS Server Documentation Vendor Information Requests for Comments (RFCs) Third-Party Products Getting Support and Service Before You Call for Customer Support Chapter 1 About RSA RADIUS Server RSA RADIUS Server Features RSA RADIUS Server Overview Page RADIUS Packets RADIUS Configuration RADIUS Server Configuration RADIUS Client Configuration Shared Secrets RADIUS Secret Replication Secret Node Secret RADIUS Ports Authentication RSA RADIUS Server 6.1 Administrators Guide About RSA RADIUS Server 9 Accounting 10 About RSA RADIUS Server September 2005 Accounting Sequence Comma-Delimited Log Files Tunneled Accounting Attributes Dictionaries Vendor-Specific Attributes Make/Model Field Updating Attribute Information Attribute Lists Checklist Attributes Return List Attributes Attribute Values Multi-Valued Attributes Orderable Attributes System Assigned Values Echo Property Default Values Centralized Configuration Management Replacing a Replica RADIUS Server Designating a New Primary RADIUS Server Page Chapter 2 Installing the RSA RADIUS Server Before You Begin Required Files Data Migration/Registration Installing on Windows Installing the RSA RADIUS Server Page Installing on Solaris Installer Syntax Page Installing the RSA RADIUS Server Software Page Stopping and Starting the RADIUS Daemon Migration Log File Installing on Linux Installer Syntax Page Installing the RSA RADIUS Server Software Page Stopping and Starting the RADIUS Daemon Page Chapter 3 Using RSA RADIUS Administrator Running RSA RADIUS Administrator Navigating in RSA RADIUS Administrator RSA RADIUS Administrator Menus File Menu RSA RADIUS Server 6.1 Administrators Guide Using RSA RADIUS Administrator 37 Panel Menu Table 9 describes the functions of each entry in the Panel menu in the RSA RADIUS Administrator. Web Menu Help Menu RSA RADIUS Administrator Toolbar RSA RADIUS Server 6.1 Administrators Guide Using RSA RADIUS Administrator 39 Figure 5 RSA RADIUS Administrator Toolbar RSA RADIUS Administrator Windows This section summarizes how to use RSA RADIUS Administrator windows and controls. Adding an Entry Editing an Entry Cutting/Copying/Pasting Records Using Context Menus Accessing Online Help Displaying Version Information Adding a License Key Exiting the RSA RADIUS Administrator Page Adding a RADIUS Client Page Verifying a Shared Secret Deleting a RADIUS Client Page Page Chapter 5 Administering Profiles About Profiles Adding a Checklist or Return List Attribute for a Profile Resolving Profile and User Attributes Default Profile Setting Up Profiles Adding a Profile Page Removing a Profile Page Chapter 6 Displaying Statistics Displaying Server Authentication Statistics 58 Displaying Statistics September 2005 Figure 18 Statistics Panel: System Authentication Statistics RSA RADIUS Server 6.1 Administrators Guide Displaying Statistics 59 Displaying Server Accounting Statistics RSA RADIUS Server 6.1 Administrators Guide Displaying Statistics 61 Table 14 describes the accounting statistics and suggested actions in italics (if appropriate). Resetting Server Statistics Displaying RADIUS Client Statistics Page Page Chapter 7 Administering RADIUS Servers Replication Panel Adding a RADIUS Server Manually Page Enabling a RADIUS Server Deleting a RADIUS Server Publishing Server Configuration Information Notifying Replica RADIUS Servers Designating a New Primary RADIUS Server Recovering a Replica After a Failed Download Changing the Name or IP Address of a Server Regenerating a Node Secret Resetting the RADIUS Database Page Chapter 8 Logging Logging Files Using the RADIUS System Log Level of Logging Detail Controlling Log File Size Using the Accounting Log Accounting Log File Format First Line Headings Comma Placeholders Standard RADIUS Accounting Attributes Table 16 lists the standard RADIUS accounting attributes defined in RFC 2866, RADIUS Accounting. 80 Logging September 2005 Acct-Input-Packets Acct-Output-Packets Acct-Termination-Cause Acct-Multi-Session-Id Appendix A Using the LDAP Configuration Interface LDAP Configuration Interface File About the LDAP Configuration Interface LDAP Utilities LDAP Requests Downloading the LDAP Utilities LDAP Version Compliance Configuring the LDAP TCP Port RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 85 199.198.197.196 196.197.198.199 Figure 26 LDAP Schema (Slide 1 of 4) LDAP Virtual Schema NOTE: radiusstatus items can be read, but they cannot be modified. 86 Using the LDAP Configuration Interface September 2005 Figure 27 LDAP Schema (Slide 2 of 4) RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 87 Figure 28 LDAP Schema (Slide 3 of 4) Page Page LDAP Command Examples Searching for Records RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 91 Modifying Records You can use the ldapmodify command to modify the RSARADIUS Server configuration. Page Adding Records Deleting Records Statistics Variables Counter Statistics stattype: server 96 Using the LDAP Configuration Interface September 2005 stattype: authentication stattype: accounting Rate Statistics Page Glossary Page Page Page Page Page Index