Manuals / Brands / Computer Equipment / Server / RSA Security / Computer Equipment / Server

RSA Security 6.1 Designating a New Primary RADIUS Server, Recovering a Replica After a Failed Download

1 118

Download 118 pages, 1.25 Mb

70 Administering RADIUS Servers September 2005

Designating a New Primary RADIUS Server

You can change which server within a realm is designated as the Primary

RADIUS Server for that realm.

To designate a new Primary RADIUS Server:

1Stop the RADIUS service/daemon on the Replica RADIUS Server.

2Log into the Replica RADIUS Server as root (Solaris/Linux) or

administrator (Windows).

3Navigate to the ..RSA Radius\Service (Windows) or

/opt/rsa/radius (Solaris/Linux) directory.

4Run the rsainstalltool (Windows) or rsaconfiguretool

(Solaris/Linux) utility with the promote option.

# ./rsaconfiguretool -promote

The utility creates a configuration package to change this server to the

Primary server.

5Restart the updated Replica RADIUS Server to make it the new Primary

RADIUS Server.

6Publish a new configuration package administratively to configure all Replica

RADIUS Servers to use the new Primary RADIUS Server.

After you designate a new Primary RADIUS Server for a realm, you can

configure the old Primary RADIUS Server as a Replica RADIUS Server by

downloading a configuration package published by the new Primary RADIUS

Server.

NOTE: If your old Primary RADIUS Server used aliases to handle

authentication requests, you must configure aliases on the new Primary

RADIUS Server after you promote it, and you must define an alias on the

corresponding Agent Host record in the RSA Authentication Manager (Agent

Host > Edit Agent Host > RADIUS Configuration).

Recovering a Replica After a Failed Download

If a Replica RADIUS Server fails during the download of a configuration

package, its configuration may be corrupted or it may have a stale secret.

To recover after a failed download:

1Stop the RSA RADIUS service/daemon on the Replica RADIUS Server.

Contents

Main Contact Information Copyright Trademarks Page Contents About This Guide Chapter 1 About RSA RADIUS Server Chapter 2 Installing the RSA RADIUS Server Chapter 3 Using RSA RADIUS Administrator Chapter 4 Administering RADIUS Clients Chapter 5 Administering Profiles Chapter 6 Displaying Statistics Chapter 7 Administering RADIUS Servers Chapter 8 Logging Appendix A Using the LDAP Configuration Interface Glossary Index About This Guide Audience Whats In This Manual Syntax Conventions Related Documentation RSA RADIUS Server Documentation Vendor Information Requests for Comments (RFCs) Third-Party Products Getting Support and Service Before You Call for Customer Support Chapter 1 About RSA RADIUS Server RSA RADIUS Server Features RSA RADIUS Server Overview Page RADIUS Packets RADIUS Configuration RADIUS Server Configuration RADIUS Client Configuration Shared Secrets RADIUS Secret Replication Secret Node Secret RADIUS Ports Authentication RSA RADIUS Server 6.1 Administrators Guide About RSA RADIUS Server 9 Accounting 10 About RSA RADIUS Server September 2005 Accounting Sequence Comma-Delimited Log Files Tunneled Accounting Attributes Dictionaries Vendor-Specific Attributes Make/Model Field Updating Attribute Information Attribute Lists Checklist Attributes Return List Attributes Attribute Values Multi-Valued Attributes Orderable Attributes System Assigned Values Echo Property Default Values Centralized Configuration Management Replacing a Replica RADIUS Server Designating a New Primary RADIUS Server Page Chapter 2 Installing the RSA RADIUS Server Before You Begin Required Files Data Migration/Registration Installing on Windows Installing the RSA RADIUS Server Page Installing on Solaris Installer Syntax Page Installing the RSA RADIUS Server Software Page Stopping and Starting the RADIUS Daemon Migration Log File Installing on Linux Installer Syntax Page Installing the RSA RADIUS Server Software Page Stopping and Starting the RADIUS Daemon Page Chapter 3 Using RSA RADIUS Administrator Running RSA RADIUS Administrator Navigating in RSA RADIUS Administrator RSA RADIUS Administrator Menus File Menu RSA RADIUS Server 6.1 Administrators Guide Using RSA RADIUS Administrator 37 Panel Menu Table 9 describes the functions of each entry in the Panel menu in the RSA RADIUS Administrator. Web Menu Help Menu RSA RADIUS Administrator Toolbar RSA RADIUS Server 6.1 Administrators Guide Using RSA RADIUS Administrator 39 Figure 5 RSA RADIUS Administrator Toolbar RSA RADIUS Administrator Windows This section summarizes how to use RSA RADIUS Administrator windows and controls. Adding an Entry Editing an Entry Cutting/Copying/Pasting Records Using Context Menus Accessing Online Help Displaying Version Information Adding a License Key Exiting the RSA RADIUS Administrator Page Adding a RADIUS Client Page Verifying a Shared Secret Deleting a RADIUS Client Page Page Chapter 5 Administering Profiles About Profiles Adding a Checklist or Return List Attribute for a Profile Resolving Profile and User Attributes Default Profile Setting Up Profiles Adding a Profile Page Removing a Profile Page Chapter 6 Displaying Statistics Displaying Server Authentication Statistics 58 Displaying Statistics September 2005 Figure 18 Statistics Panel: System Authentication Statistics RSA RADIUS Server 6.1 Administrators Guide Displaying Statistics 59 Displaying Server Accounting Statistics RSA RADIUS Server 6.1 Administrators Guide Displaying Statistics 61 Table 14 describes the accounting statistics and suggested actions in italics (if appropriate). Resetting Server Statistics Displaying RADIUS Client Statistics Page Page Chapter 7 Administering RADIUS Servers Replication Panel Adding a RADIUS Server Manually Page Enabling a RADIUS Server Deleting a RADIUS Server Publishing Server Configuration Information Notifying Replica RADIUS Servers Designating a New Primary RADIUS Server Recovering a Replica After a Failed Download Changing the Name or IP Address of a Server Regenerating a Node Secret Resetting the RADIUS Database Page Chapter 8 Logging Logging Files Using the RADIUS System Log Level of Logging Detail Controlling Log File Size Using the Accounting Log Accounting Log File Format First Line Headings Comma Placeholders Standard RADIUS Accounting Attributes Table 16 lists the standard RADIUS accounting attributes defined in RFC 2866, RADIUS Accounting. 80 Logging September 2005 Acct-Input-Packets Acct-Output-Packets Acct-Termination-Cause Acct-Multi-Session-Id Appendix A Using the LDAP Configuration Interface LDAP Configuration Interface File About the LDAP Configuration Interface LDAP Utilities LDAP Requests Downloading the LDAP Utilities LDAP Version Compliance Configuring the LDAP TCP Port RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 85 199.198.197.196 196.197.198.199 Figure 26 LDAP Schema (Slide 1 of 4) LDAP Virtual Schema NOTE: radiusstatus items can be read, but they cannot be modified. 86 Using the LDAP Configuration Interface September 2005 Figure 27 LDAP Schema (Slide 2 of 4) RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 87 Figure 28 LDAP Schema (Slide 3 of 4) Page Page LDAP Command Examples Searching for Records RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 91 Modifying Records You can use the ldapmodify command to modify the RSARADIUS Server configuration. Page Adding Records Deleting Records Statistics Variables Counter Statistics stattype: server 96 Using the LDAP Configuration Interface September 2005 stattype: authentication stattype: accounting Rate Statistics Page Glossary Page Page Page Page Page Index