RSA Radius Authentication | RSA Security 6.1 manual

	Access	Remote	RSA	RSA
	Client	Access	RADIUS	RSA
	Client	Access	RADIUS	Authentication
		Server	Server	Authentication
		Server	Server	Manager
				Manager
		1. Connection Request	Connection Notification
		2. TTLS/PAP Tunnel Negotiation
		TTLS/PAP Tunnel
			3. User ID/Passcode?
		4. User ID/Passcode		5. User ID/Passcode
		8a. Connection Accepted	7a. Access-Accept (Attributes)	6a. Passcode Accepted (Profile Name)
		8b. Connection Refused	7b. Access-Reject	6b. Passcode Rejected

Figure 1 RSA RADIUS Authentication

1A RADIUS access client, who could be a dial-in user, a mobile user with wireless network access, or someone working at a remote office, sends an authentication request to a remote access server (RAS), which might be a wireless Access Point, an ISDN bridge, or a modem pool.

NOTE: The terms “remote access server” (RAS) and “network access server” (NAS) are interchangeable. This manual uses RAS, though some attribute names and parameters retain the older ‘NAS’ in their names.

2When the RAS receives a user’s connection request, it performs an initial access negotiation with the user to establish connection information. It forwards this information to the RSA RADIUS server, which uses the information to create a tunnel between itself and the access client.

3The RSA RADIUS server sends a request for the user’s credentials through the TTLS tunnel.

4The access client sends a user ID and passcode (tokencode and personal identification number) to the RSA RADIUS server.

5The RSA RADIUS server forwards the user’s user ID and passcode to the RSA Authentication Manager, which verifies that the user ID exists and that the passcode is correct for that user at that specific time.

6If the user’s information is accepted, the RSA Authentication Manager returns a message indicating that the passcode is accepted (6a). The RSA Authentication Manager may also return the name of the profile associated with this user in the Access-Accept message.

RSA RADIUS Server 6.1 Administrator’s Guide

About RSA RADIUS Server

3

Image 15

RSA Security 6.1 manual RSA Radius Authentication

Contents

RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index About This Guide AudienceWhat’s In This Manual Syntax Conventions Requests for Comments RFCs Related DocumentationRSA Radius Server Documentation Vendor Information Getting Support and Service Third-Party ProductsBefore You Call for Customer Support About RSA Radius Server RSA Radius Server Features About RSA Radius Server September RSA Radius Server Overview RSA Radius Authentication Radius Packets Radius Configuration Radius Server ConfigurationRadius Client Configuration Radius Shared Secrets Radius Secret Replication SecretNode Secret Radius Ports Authentication Accounting Comma-Delimited Log Files Accounting Sequence Tunneled Accounting Make/Model Field AttributesDictionaries Vendor-Specific Attributes Checklist Attributes Attribute ListsUpdating Attribute Information Attribute Values Return List AttributesMulti-Valued Attributes Echo Property Default ValuesOrderable Attributes System Assigned Values Centralized Configuration Management Designating a New Primary Radius Server Replacing a Replica Radius Server Changing the Name or IP Address of a Server Recovering a Replica After a Failed Download Data Migration/Registration Installing the RSA Radius ServerBefore You Begin Required Files System Requirements Installing on Windows If you are installing a Replica RSA Radius Server, click Installing the RSA Radius Server Uninstalling the RSA Radius Server Software Installer Syntax Installing on Solaris Path Reppkg Installing the RSA Radius Server Software Enter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Linux Server System Requirements Installing on Linux Should be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Running RSA Radius Administrator Using RSA Radius Administrator Navigating in RSA Radius Administrator RSA Radius Administrator MenusFile Menu Panel Menu See , Administering Radius Clients on RSA Radius Administrator Toolbar Web MenuHelp Menu Adding an Entry RSA Radius Administrator Windows Sample Add Window Editing an Entry Sample Edit Window Cutting/Copying/Pasting Records Sorting Information Using Context MenusResizing Columns Changing Column Sequence Accessing Online Help Displaying Version InformationAdding a License Key Add a License for Server Window Exiting the RSA Radius Administrator Radius Clients Panel Administering Radius Clients Add Radius Client Window Adding a Radius Client Secret to display the characters in the shared secret Deleting a Radius Client Verifying a Shared SecretPage Administering Radius Clients September Administering Profiles Adding a Checklist or Return List Attribute for a ProfileAbout Profiles Resolving Profile and User Attributes Default Profile Adding a Profile Setting Up Profiles Click Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Statistics Displaying Server Authentication Statistics Statistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Statistics Panel System Accounting Statistics Displaying Server Accounting Statistics Accounting Statistic Meaning Displaying Radius Client Statistics Resetting Server Statistics Optionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Adding a Radius Server Manually Replication Panel Add Server Window Deleting a Radius Server Enabling a Radius Server Notifying Replica Radius Servers Publishing Server Configuration Information Designating a New Primary Radius Server Recovering a Replica After a Failed Download Changing the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Using the Radius System Log LoggingLogging Files Controlling Log File Size Level of Logging Detail Accounting Log File Format Using the Accounting Log Comma Placeholders First Line Headings Acct-Status-Type Standard Radius Accounting Attributes Acct-Input-Packets P e n d i x a Ldap Configuration Interface File Ldap Utilities About the Ldap Configuration Interface Downloading the Ldap Utilities Ldap Requests Ldap Version Compliance Configuring the Ldap TCP Port Available Attributes Ldap Virtual Schema Ldap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Searching for Records Ldap Command Examples Ldapmodify Option Meaning Modifying Records Where Adding Records Deleting Records Statistics Variables Counter StatisticsStattype server Stattype accounting Stattype authentication Rate Statistics Using the Ldap Configuration Interface September AAA Glossary DNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode