Manuals / RSA Security / Computer Equipment / Server

RSA Security 6.1 manual Attribute Lists, Updating Attribute Information, Checklist Attributes

Models: 6.1

1 118

Download 118 pages 59.95 Kb

Page 25

Web info

nonstandard attributes that it encounters in the packet. Standard RADIUS attributes are always defined by the radius.dct file. If you do not know the make/model for a RADIUS client, choose the default option: - Standard Radius -.

For the most part, the selections currently available in the Make/model field are devices whose vendors have provided up-to-date attribute dictionaries. Documentation for these vendors and their products is available online by

clicking the button on the RADIUS Clients panel (described on page 45).

Updating Attribute Information

If your RAS vendor announces a new product, a new attribute, or a new value for an attribute, you can add this information to your RSA RADIUS Server configuration. You can edit the dictionary file for that vendor to add new attributes or attribute values, or you can create a new vendor-specific dictionary file that contains new attributes and values.

For information on modifying vendor dictionary files, refer to the

RSA RADIUS Server 6.1 Reference Guide.

Attribute Lists

You can use profiles to control authentication at finer levels of detail than simple user ID and password checking allow. Checklists and return lists provide powerful tools for the authentication and authorization of users.

Checklist Attributes

A checklist is a list of attributes that must accompany the request for connection before the connection request can be authenticated. The RAS must send attributes that match the checklist associated with a user entry; otherwise, RSA RADIUS Server rejects the user even if the user’s name and password are valid.

By including appropriate attributes in the checklist, a variety of rules can be enforced. For example, only specific users might be permitted to use ISDN or dial-in connections to a particular RAS, or Caller ID might be used to validate a user against a list of acceptable originating telephone numbers.

A checklist is created by choosing attributes from a list of all RADIUS attributes known to the RSA RADIUS Server. This list can include a variety of vendor-specific attributes.

RSA RADIUS Server 6.1 Administrator’s Guide

About RSA RADIUS Server

13

Image 25

RSA Security 6.1 manual Attribute Lists, Updating Attribute Information, Checklist Attributes

Contents

RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index Audience About This GuideWhat’s In This Manual Syntax Conventions RSA Radius Server Documentation Related DocumentationVendor Information Requests for Comments RFCsThird-Party Products Getting Support and ServiceBefore You Call for Customer Support About RSA Radius Server RSA Radius Server FeaturesAbout RSA Radius Server September RSA Radius Server OverviewRSA Radius Authentication Radius Packets Radius Server Configuration Radius ConfigurationRadius Client Configuration Radius Shared SecretsReplication Secret Radius SecretNode Secret Radius Ports AuthenticationAccounting Comma-Delimited Log Files Accounting SequenceTunneled Accounting Dictionaries AttributesVendor-Specific Attributes Make/Model FieldAttribute Lists Checklist AttributesUpdating Attribute Information Return List Attributes Attribute ValuesMulti-Valued Attributes Orderable Attributes Default ValuesSystem Assigned Values Echo PropertyCentralized Configuration Management Designating a New Primary Radius Server Replacing a Replica Radius ServerChanging the Name or IP Address of a Server Recovering a Replica After a Failed DownloadBefore You Begin Installing the RSA Radius ServerRequired Files Data Migration/RegistrationSystem Requirements Installing on WindowsIf you are installing a Replica RSA Radius Server, click Installing the RSA Radius ServerUninstalling the RSA Radius Server Software Installer Syntax Installing on SolarisPath Reppkg Installing the RSA Radius Server SoftwareEnter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Linux Server System Requirements Installing on LinuxShould be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Running RSA Radius Administrator Using RSA Radius AdministratorRSA Radius Administrator Menus Navigating in RSA Radius AdministratorFile Menu Panel Menu See , Administering Radius Clients onWeb Menu RSA Radius Administrator ToolbarHelp Menu Adding an Entry RSA Radius Administrator WindowsSample Add Window Editing an EntrySample Edit Window Cutting/Copying/Pasting RecordsResizing Columns Using Context MenusChanging Column Sequence Sorting InformationDisplaying Version Information Accessing Online HelpAdding a License Key Add a License for Server Window Exiting the RSA Radius AdministratorRadius Clients Panel Administering Radius ClientsAdd Radius Client Window Adding a Radius ClientSecret to display the characters in the shared secret Deleting a Radius Client Verifying a Shared SecretPage Administering Radius Clients September Adding a Checklist or Return List Attribute for a Profile Administering ProfilesAbout Profiles Resolving Profile and User Attributes Default ProfileAdding a Profile Setting Up ProfilesClick Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Statistics Displaying Server Authentication StatisticsStatistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Statistics Panel System Accounting Statistics Displaying Server Accounting StatisticsAccounting Statistic Meaning Displaying Radius Client Statistics Resetting Server StatisticsOptionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Adding a Radius Server Manually Replication PanelAdd Server Window Deleting a Radius Server Enabling a Radius ServerNotifying Replica Radius Servers Publishing Server Configuration InformationDesignating a New Primary Radius Server Recovering a Replica After a Failed DownloadChanging the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Logging Using the Radius System LogLogging Files Controlling Log File Size Level of Logging DetailAccounting Log File Format Using the Accounting LogComma Placeholders First Line HeadingsAcct-Status-Type Standard Radius Accounting AttributesAcct-Input-Packets P e n d i x a Ldap Configuration Interface FileLdap Utilities About the Ldap Configuration InterfaceDownloading the Ldap Utilities Ldap RequestsLdap Version Compliance Configuring the Ldap TCP PortAvailable Attributes Ldap Virtual SchemaLdap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Searching for Records Ldap Command ExamplesLdapmodify Option Meaning Modifying RecordsWhere Adding Records Deleting Records Counter Statistics Statistics VariablesStattype server Stattype accounting Stattype authenticationRate Statistics Using the Ldap Configuration Interface September AAA GlossaryDNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode