RSA Security 6.1 Regenerating a Node Secret

72 Administering RADIUS Servers September 2005

4Run the rsainstalltool (Windows) or rsaconfiguretool

(Solaris/Linux) utility with the identity option.

To rename a Primary RADIUS Server, enter the following command:

# ./rsaconfiguretool -identity PRIMARY

To rename a Replica RADIUS Server, enter the following command:

# ./rsaconfiguretool -identity REPLICA

5Restart the updated server so that it can load its new configuration.

6Run the RSARADIUS Administrator and modify the DNS name or IP

address for the server you want to rename. Verify that the secret on the

renamed server is correct.

You may need to use the Replication panel to delete the old server name from

the list of servers in the realm.

NOTE: After you change the name or IP address of a Primary or Replica

RADIUS Server, use RSAAuthentication Manager to change the Agent Host

record in the Authentication Manager database.

7Publish the modified configuration to propagate the name change to the

Replica RADIUS Servers.

Regenerating a Node Secret

You can regenerate the node secret used to authenticate communication between

the RSA Authentication Manager and RSA RADIUS Server at any time.

To regenerate a node secret:

1Stop the RSA RADIUS service/daemon on the RADIUS server.

2Log into the RADIUS server as root (Solaris/Linux) or administrator

(Windows).

3Navigate to the ..RSA Radius\Service (Windows) or

/opt/rsa/radius (Solaris/Linux) directory.

4Run the rsainstalltool (Windows) or rsaconfiguretool

(Solaris/Linux) utility with the identity option.

To regenerate the node secret for a Primary RADIUS Server, enter the

following command:

# ./rsaconfiguretool -identity PRIMARY

Contents

Main Contact Information Copyright Trademarks Page Contents About This Guide Chapter 1 About RSA RADIUS Server Chapter 2 Installing the RSA RADIUS Server Chapter 3 Using RSA RADIUS Administrator Chapter 4 Administering RADIUS Clients Chapter 5 Administering Profiles Chapter 6 Displaying Statistics Chapter 7 Administering RADIUS Servers Chapter 8 Logging Appendix A Using the LDAP Configuration Interface Glossary Index About This Guide Audience Whats In This Manual Syntax Conventions Related Documentation RSA RADIUS Server Documentation Vendor Information Requests for Comments (RFCs) Third-Party Products Getting Support and Service Before You Call for Customer Support Chapter 1 About RSA RADIUS Server RSA RADIUS Server Features RSA RADIUS Server Overview Page RADIUS Packets RADIUS Configuration RADIUS Server Configuration RADIUS Client Configuration Shared Secrets RADIUS Secret Replication Secret Node Secret RADIUS Ports Authentication RSA RADIUS Server 6.1 Administrators Guide About RSA RADIUS Server 9 Accounting 10 About RSA RADIUS Server September 2005 Accounting Sequence Comma-Delimited Log Files Tunneled Accounting Attributes Dictionaries Vendor-Specific Attributes Make/Model Field Updating Attribute Information Attribute Lists Checklist Attributes Return List Attributes Attribute Values Multi-Valued Attributes Orderable Attributes System Assigned Values Echo Property Default Values Centralized Configuration Management Replacing a Replica RADIUS Server Designating a New Primary RADIUS Server Page Chapter 2 Installing the RSA RADIUS Server Before You Begin Required Files Data Migration/Registration Installing on Windows Installing the RSA RADIUS Server Page Installing on Solaris Installer Syntax Page Installing the RSA RADIUS Server Software Page Stopping and Starting the RADIUS Daemon Migration Log File Installing on Linux Installer Syntax Page Installing the RSA RADIUS Server Software Page Stopping and Starting the RADIUS Daemon Page Chapter 3 Using RSA RADIUS Administrator Running RSA RADIUS Administrator Navigating in RSA RADIUS Administrator RSA RADIUS Administrator Menus File Menu RSA RADIUS Server 6.1 Administrators Guide Using RSA RADIUS Administrator 37 Panel Menu Table 9 describes the functions of each entry in the Panel menu in the RSA RADIUS Administrator. Web Menu Help Menu RSA RADIUS Administrator Toolbar RSA RADIUS Server 6.1 Administrators Guide Using RSA RADIUS Administrator 39 Figure 5 RSA RADIUS Administrator Toolbar RSA RADIUS Administrator Windows This section summarizes how to use RSA RADIUS Administrator windows and controls. Adding an Entry Editing an Entry Cutting/Copying/Pasting Records Using Context Menus Accessing Online Help Displaying Version Information Adding a License Key Exiting the RSA RADIUS Administrator Page Adding a RADIUS Client Page Verifying a Shared Secret Deleting a RADIUS Client Page Page Chapter 5 Administering Profiles About Profiles Adding a Checklist or Return List Attribute for a Profile Resolving Profile and User Attributes Default Profile Setting Up Profiles Adding a Profile Page Removing a Profile Page Chapter 6 Displaying Statistics Displaying Server Authentication Statistics 58 Displaying Statistics September 2005 Figure 18 Statistics Panel: System Authentication Statistics RSA RADIUS Server 6.1 Administrators Guide Displaying Statistics 59 Displaying Server Accounting Statistics RSA RADIUS Server 6.1 Administrators Guide Displaying Statistics 61 Table 14 describes the accounting statistics and suggested actions in italics (if appropriate). Resetting Server Statistics Displaying RADIUS Client Statistics Page Page Chapter 7 Administering RADIUS Servers Replication Panel Adding a RADIUS Server Manually Page Enabling a RADIUS Server Deleting a RADIUS Server Publishing Server Configuration Information Notifying Replica RADIUS Servers Designating a New Primary RADIUS Server Recovering a Replica After a Failed Download Changing the Name or IP Address of a Server Regenerating a Node Secret Resetting the RADIUS Database Page Chapter 8 Logging Logging Files Using the RADIUS System Log Level of Logging Detail Controlling Log File Size Using the Accounting Log Accounting Log File Format First Line Headings Comma Placeholders Standard RADIUS Accounting Attributes Table 16 lists the standard RADIUS accounting attributes defined in RFC 2866, RADIUS Accounting. 80 Logging September 2005 Acct-Input-Packets Acct-Output-Packets Acct-Termination-Cause Acct-Multi-Session-Id Appendix A Using the LDAP Configuration Interface LDAP Configuration Interface File About the LDAP Configuration Interface LDAP Utilities LDAP Requests Downloading the LDAP Utilities LDAP Version Compliance Configuring the LDAP TCP Port RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 85 199.198.197.196 196.197.198.199 Figure 26 LDAP Schema (Slide 1 of 4) LDAP Virtual Schema NOTE: radiusstatus items can be read, but they cannot be modified. 86 Using the LDAP Configuration Interface September 2005 Figure 27 LDAP Schema (Slide 2 of 4) RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 87 Figure 28 LDAP Schema (Slide 3 of 4) Page Page LDAP Command Examples Searching for Records RSA RADIUS Server 6.1 Administrators Guide Using the LDAP Configuration Interface 91 Modifying Records You can use the ldapmodify command to modify the RSARADIUS Server configuration. Page Adding Records Deleting Records Statistics Variables Counter Statistics stattype: server 96 Using the LDAP Configuration Interface September 2005 stattype: authentication stattype: accounting Rate Statistics Page Glossary Page Page Page Page Page Index