Designating a New Primary Radius Server | RSA Security 6.1 specification

Designating a New Primary RADIUS Server

You can change which server within a realm is designated as the Primary

RADIUS Server for that realm.

To designate a new Primary RADIUS Server:

1Stop the RADIUS service/daemon on the Replica RADIUS Server.

2Log into the Replica RADIUS Server as root (Solaris/Linux) or administrator (Windows).

3Navigate to the ..RSA Radius\Service (Windows) or

/opt/rsa/radius (Solaris/Linux) directory.

4Run the rsainstalltool (Windows) or rsaconfiguretool

(Solaris/Linux) utility with the promote option.

#./rsaconfiguretool -promote

The utility creates a configuration package to change this server to the

Primary server.

5Restart the updated Replica RADIUS Server to make it the new Primary RADIUS Server.

6Publish a new configuration package administratively to configure all Replica RADIUS Servers to use the new Primary RADIUS Server.

After you designate a new Primary RADIUS Server for a realm, you can configure the old Primary RADIUS Server as a Replica RADIUS Server by downloading a configuration package published by the new Primary RADIUS Server.

NOTE: If your old Primary RADIUS Server used aliases to handle authentication requests, you must configure aliases on the new Primary RADIUS Server after you promote it, and you must define an alias on the corresponding Agent Host record in the RSA Authentication Manager (Agent Host > Edit Agent Host > RADIUS Configuration).

Recovering a Replica After a Failed Download

If a Replica RADIUS Server fails during the download of a configuration package, its configuration may be corrupted or it may have a stale secret.

To recover after a failed download:

1Stop the RSA RADIUS service/daemon on the Replica RADIUS Server.

70

Administering RADIUS Servers

September 2005

Image 82

RSA Security 6.1 manual Designating a New Primary Radius Server, Recovering a Replica After a Failed Download

Contents

RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index Audience About This GuideWhat’s In This Manual Syntax Conventions Vendor Information Related DocumentationRSA Radius Server Documentation Requests for Comments RFCs Third-Party Products Getting Support and ServiceBefore You Call for Customer Support RSA Radius Server Features About RSA Radius Server RSA Radius Server Overview About RSA Radius Server September RSA Radius Authentication Radius Packets Radius Server Configuration Radius ConfigurationRadius Client Configuration Shared Secrets Radius Replication Secret Radius SecretNode Secret Authentication Radius Ports Accounting Accounting Sequence Comma-Delimited Log Files Tunneled Accounting Vendor-Specific Attributes AttributesDictionaries Make/Model Field Attribute Lists Checklist AttributesUpdating Attribute Information Return List Attributes Attribute ValuesMulti-Valued Attributes System Assigned Values Default ValuesOrderable Attributes Echo Property Centralized Configuration Management Replacing a Replica Radius Server Designating a New Primary Radius Server Recovering a Replica After a Failed Download Changing the Name or IP Address of a Server Required Files Installing the RSA Radius ServerBefore You Begin Data Migration/Registration Installing on Windows System Requirements Installing the RSA Radius Server If you are installing a Replica RSA Radius Server, click Uninstalling the RSA Radius Server Software Installing on Solaris Installer Syntax Path Installing the RSA Radius Server Software Reppkg Enter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Installing on Linux Linux Server System Requirements Should be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Using RSA Radius Administrator Running RSA Radius Administrator RSA Radius Administrator Menus Navigating in RSA Radius AdministratorFile Menu See , Administering Radius Clients on Panel Menu Web Menu RSA Radius Administrator ToolbarHelp Menu RSA Radius Administrator Windows Adding an Entry Editing an Entry Sample Add Window Cutting/Copying/Pasting Records Sample Edit Window Changing Column Sequence Using Context MenusResizing Columns Sorting Information Displaying Version Information Accessing Online HelpAdding a License Key Exiting the RSA Radius Administrator Add a License for Server Window Administering Radius Clients Radius Clients Panel Adding a Radius Client Add Radius Client Window Secret to display the characters in the shared secret Verifying a Shared Secret Deleting a Radius ClientPage Administering Radius Clients September Adding a Checklist or Return List Attribute for a Profile Administering ProfilesAbout Profiles Default Profile Resolving Profile and User Attributes Setting Up Profiles Adding a Profile Click Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Server Authentication Statistics Displaying Statistics Statistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Displaying Server Accounting Statistics Statistics Panel System Accounting Statistics Accounting Statistic Meaning Resetting Server Statistics Displaying Radius Client Statistics Optionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Replication Panel Adding a Radius Server Manually Add Server Window Enabling a Radius Server Deleting a Radius Server Publishing Server Configuration Information Notifying Replica Radius Servers Recovering a Replica After a Failed Download Designating a New Primary Radius Server Changing the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Logging Using the Radius System LogLogging Files Level of Logging Detail Controlling Log File Size Using the Accounting Log Accounting Log File Format First Line Headings Comma Placeholders Standard Radius Accounting Attributes Acct-Status-Type Acct-Input-Packets Ldap Configuration Interface File P e n d i x a About the Ldap Configuration Interface Ldap Utilities Ldap Requests Downloading the Ldap Utilities Configuring the Ldap TCP Port Ldap Version Compliance Ldap Virtual Schema Available Attributes Ldap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Ldap Command Examples Searching for Records Modifying Records Ldapmodify Option Meaning Where Adding Records Deleting Records Counter Statistics Statistics VariablesStattype server Stattype authentication Stattype accounting Rate Statistics Using the Ldap Configuration Interface September Glossary AAA DNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode