|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
|Issue||This article explains how to:|
- Add a large number of RADIUS clients to Authentication Manager.
- How to configure <ANY> RADIUS client.
- How to allow the system to authenticate users from clients without agents.
- What to do if authentication fails after adding <ANY> RADIUS client in Security Console.
|Tasks||If you need to add a large number of RADIUS clients to Authentication Manager, instead of adding an agent to each RADIUS client, You can configure an <ANY> RADIUS client and enter the same shared secret for each RADIUS client.|
When an ANY client sends a network request to its' associated RADIUS server, the RADIUS server confirms the shared secret and forwards the request without any client information to Authentication Manager for authentication.
|Resolution||First, add an <ANY> RADIUS client by following the below steps:|
- Log into the Authentication Manager primary's Security Console and navigate to RADIUS > RADIUS Clients > Add New.
- Enable the option to Accept authentication requests from any RADIUS client using the shared secret specified for this client.
- Enter the RADIUS Shared Secret.
- Click Save.
Now allow the system to authenticate users from clients without agents by following the steps below:
- Log into the Operations Console on the primary and navigate to Deployment Configuration > RADIUS Servers.
- Click on the server name and select Manage Server Files.
- Click on securid.ini file and select Edit.
- Set the file parameter for CheckUserAllowedByClient to 0. By default, this parameter is set to 1, which allows the system to authenticate users from clients with an assigned agent.
- Click Save & Restart RADIUS Server. so the file changes can be read by the system.
Changes made to RADIUS server files are not replicated to other servers in your deployment. Repeat steps 1 - 5 on each replica in your deployment.