000031470 - How to allow a large number of RADIUS clients to authenticate without adding an agent for each client in AM 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000031470
Applies ToRSA Product Set:  SecurID

RSA Product/Service Type:  Authentication Manager 

RSA Version/Condition:  8.1
Issue
  • Customer wants to add a large number of RADIUS clients to Authentication Manager. 
  • How to configure <ANY> RADIUS client.
  • How to allow the system to authenticate users from clients without agents.
  • Authentication fails after adding <ANY> RADIUS client in Security Console.
 
TasksIF you need to add a large number of RADIUS clients to Authentication Manager,Instead of adding an agent to each RADIUS client, You can configure <ANY> RADIUS client and enter the same shared secret for each RADIUS client. When an ANY client sends a network request to its associated RADIUS server, the RADIUS server confirms the shared secret and forwards the request without any client information to Authentication Manager.
ResolutionFirst, You need to add <ANY> RADIUS client by following the below steps:
1. Log into Security Console and navigate to Radius >>Radius Clients >>Add New.
2. Enable "Accept authentication requests from any RADIUS client using the shared secret specified for this client" box.
User-added image
3. Enter the Shared Secret then Click Save.
After that, You need to Allow the system to authenticate users from clients without agents by following the below steps:
1. Log into the Operations Console and navigate to Deployment Configuration >>Radius Servers.
2. Click on the Server Name >>Manage Server Files.
3. Click on securid.ini file then Edit.
User-added image
4. You must set the file parameter CheckUserAllowedByClient to 0. By default, this parameter is set to 1, which allows the system to authenticate users from clients with an assigned agent.
5. Click Save & Restart RADIUS Server.

 
 
Notes

Changes to RADIUS configuration files are not automatically replicated. You must manually edit the files of each RADIUS replica server in your deployment.

Attachments

    Outcomes