Manuals / RSA Security / Computer Equipment / Server

RSA Security 6.1 manual Resolving Profile and User Attributes, Default Profile

Models: 6.1

1 118

Download 118 pages 59.95 Kb

Page 64

Resolving Profile and User Attributes

If user-specific attributes are stored in the RSA Authentication Manager database, RSA RADIUS Server determines the final set of attributes for a user by merging the attributes stored in the user’s profile with user-specific attributes from the RSA Authentication Manager database. This calculation is performed as follows:

1The attributes from the profile assigned to the user are retrieved.

2These attributes are then merged with the user-specific attributes in the following manner:

Z If an attribute is multi-valued, then the user-specific attribute is added to the overall list of attributes.

Z If an attribute is single-valued, then the user-specific attribute replaces the attribute of the same name that was provided by the profile.

Z If the attribute is orderable, then the user-specific attribute replaces the attribute of the same name that was provided by the profile.

Default Profile

After RSA Authentication Manager authenticates a user, it can return the profile name associated with that user to RSA RADIUS Server. The profile name specified by RSA Authentication Manager identifies a profile configured on RSA RADIUS Server; that profile specifies the return list attributes to send back to the RADIUS client as part of the Access-Accept message for that user.

If RSA Authentication Manager does not return a profile name for a user,

RSA RADIUS Server returns the attributes specified in the Default profile. You can use the Default profile to create a default set of return list attributes for users.

52

Administering Profiles

September 2005

Image 64

Contents

RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index Audience About This GuideWhat’s In This Manual Syntax Conventions Related Documentation RSA Radius Server DocumentationVendor Information Requests for Comments RFCsThird-Party Products Getting Support and ServiceBefore You Call for Customer Support RSA Radius Server Features About RSA Radius ServerRSA Radius Server Overview About RSA Radius Server SeptemberRSA Radius Authentication Radius Packets Radius Server Configuration Radius ConfigurationRadius Client Configuration Shared Secrets RadiusReplication Secret Radius SecretNode Secret Authentication Radius PortsAccounting Accounting Sequence Comma-Delimited Log FilesTunneled Accounting Attributes DictionariesVendor-Specific Attributes Make/Model FieldAttribute Lists Checklist AttributesUpdating Attribute Information Return List Attributes Attribute ValuesMulti-Valued Attributes Default Values Orderable AttributesSystem Assigned Values Echo PropertyCentralized Configuration Management Replacing a Replica Radius Server Designating a New Primary Radius ServerRecovering a Replica After a Failed Download Changing the Name or IP Address of a ServerInstalling the RSA Radius Server Before You BeginRequired Files Data Migration/RegistrationInstalling on Windows System RequirementsInstalling the RSA Radius Server If you are installing a Replica RSA Radius Server, clickUninstalling the RSA Radius Server Software Installing on Solaris Installer SyntaxPath Installing the RSA Radius Server Software ReppkgEnter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Installing on Linux Linux Server System RequirementsShould be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Using RSA Radius Administrator Running RSA Radius AdministratorRSA Radius Administrator Menus Navigating in RSA Radius AdministratorFile Menu See , Administering Radius Clients on Panel MenuWeb Menu RSA Radius Administrator ToolbarHelp Menu RSA Radius Administrator Windows Adding an EntryEditing an Entry Sample Add WindowCutting/Copying/Pasting Records Sample Edit WindowUsing Context Menus Resizing ColumnsChanging Column Sequence Sorting InformationDisplaying Version Information Accessing Online HelpAdding a License Key Exiting the RSA Radius Administrator Add a License for Server WindowAdministering Radius Clients Radius Clients PanelAdding a Radius Client Add Radius Client WindowSecret to display the characters in the shared secret Verifying a Shared Secret Deleting a Radius ClientPage Administering Radius Clients September Adding a Checklist or Return List Attribute for a Profile Administering ProfilesAbout Profiles Default Profile Resolving Profile and User AttributesSetting Up Profiles Adding a ProfileClick Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Server Authentication Statistics Displaying StatisticsStatistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Displaying Server Accounting Statistics Statistics Panel System Accounting StatisticsAccounting Statistic Meaning Resetting Server Statistics Displaying Radius Client StatisticsOptionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Replication Panel Adding a Radius Server ManuallyAdd Server Window Enabling a Radius Server Deleting a Radius ServerPublishing Server Configuration Information Notifying Replica Radius ServersRecovering a Replica After a Failed Download Designating a New Primary Radius ServerChanging the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Logging Using the Radius System LogLogging Files Level of Logging Detail Controlling Log File SizeUsing the Accounting Log Accounting Log File FormatFirst Line Headings Comma PlaceholdersStandard Radius Accounting Attributes Acct-Status-TypeAcct-Input-Packets Ldap Configuration Interface File P e n d i x aAbout the Ldap Configuration Interface Ldap UtilitiesLdap Requests Downloading the Ldap UtilitiesConfiguring the Ldap TCP Port Ldap Version ComplianceLdap Virtual Schema Available AttributesLdap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Ldap Command Examples Searching for RecordsModifying Records Ldapmodify Option MeaningWhere Adding Records Deleting Records Counter Statistics Statistics VariablesStattype server Stattype authentication Stattype accountingRate Statistics Using the Ldap Configuration Interface September Glossary AAADNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode