If an attribute appears once in the checklist marked as default, and the same attribute appears in the return list marked as echo, the server echoes the actual value of the attribute in the RADIUS response if the attribute appears in the RADIUS request. If the attribute does not appear in the RADIUS request, the server echoes the default value (from the checklist) in the response.

If you add multiple values of the same attribute to the checklist, only one of them can be marked as default.

For example, an administrator adds several Callback-Number values to the checklist and marks one of them as default. The administrator adds Callback-Numberto the return list and specifies it as echo.

XIf a Callback-Number value is present in the RADIUS request, it must match one of the checklist values or the user is rejected.

XIf it does match, the user is accepted and the value supplied is echoed in the RADIUS response.

XIf no Callback-Numberis supplied in the request, the user is accepted and the default value is echoed in the response.

Other checklist attributes provide configuration for the user, such as time-of-day and concurrent-login-limit information.

Centralized Configuration Management

The RSA RADIUS Server supports the replication of RADIUS configuration data from a Primary RADIUS Server to a maximum of 10 Replica RADIUS Servers within a realm on a customer network. Replica servers help balance the load of authentication requests coming in from RADIUS clients, and ensure that authentication services are not interrupted if the Primary or other Replica RADIUS servers stops working.

All the servers within a realm reflect the current configuration specified by the network administrator: the network administrator modifies the configuration on the Primary RADIUS Server, and the Primary RADIUS Server propagates the new configuration to its Replica RADIUS Servers. For example, after a network administrator configures a new RADIUS client or profile on the Primary RADIUS Server, the network administrator tells the Primary RADIUS Server to publish a configuration package file (replica.ccmpkg) that contains the updated configuration information. After publication, the Primary RADIUS Server notifies each Replica RADIUS Server that a new configuration package is ready. Each Replica then downloads and installs the configuration package to update its settings.

16

About RSA RADIUS Server

September 2005

Page 28
Image 28
RSA Security 6.1 manual Centralized Configuration Management