000025715 - How to ensure Agent Hosts for RADIUS clients are not required when setting up RSA RADIUS / RSA Authentication Manager 6.1

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025715
Applies ToRSA Authentication Manager 6.1
RSA RADIUS Server 6.1 Powered by Funk Steel-Belted RADIUS
IssueHow to ensure Agent Hosts for RADIUS clients are not required when setting up RSA RADIUS / RSA Authentication Manager 6.1
RADIUS client <ANY>
Error: "Agent host not found" in RSA Authentication Manager activity log
RADIUS client <ANY>
CauseBy default, you must add RADIUS clients in "Manage Radius" AND Agent Hosts in Database Administration for any RADIUS client
ResolutionTo configure RSA RADIUS to only require RADIUS clients:

1. In the \rsa\radius\ directory, edit the securid.ini file and change these lines as such:

[configuration]

; enable = 0                            (leave this commented out)

CheckuserAllowedbyClient=0

NOTE: The first line "[configuration]" above must be uncommented

2.  Restart the RSA RADIUS service (through the RSA Control Panel) or, in UNIX, with the following commands:

/etd/init.d/sbrd stop force

/etc/init.d/sbrd start
Notes

This makes the system more flexible as it allows any radius client with the proper RADIUS Shared key to be able to authenticate.  This does have two drawbacks:

1. since <ANY> radius client will have a chance to authenticate, this is less secure than having a specific list of clients

2. The AM logs may not show the client names, which may not be acceptable in all environments


See A60636  for a similar solution for AM7.1 or RSA Appliance 3.0
Legacy Article IDa30024

Attachments

    Outcomes