on Jun 16, 2016Article Content
| Article Number | 000025715 |
| Applies To | RSA Authentication Manager 6.1 RSA RADIUS Server 6.1 Powered by Funk Steel-Belted RADIUS |
| Issue | How to ensure Agent Hosts for RADIUS clients are not required when setting up RSA RADIUS / RSA Authentication Manager 6.1 RADIUS client <ANY> Error: "Agent host not found" in RSA Authentication Manager activity log RADIUS client <ANY> |
| Cause | By default, you must add RADIUS clients in "Manage Radius" AND Agent Hosts in Database Administration for any RADIUS client |
| Resolution | To configure RSA RADIUS to only require RADIUS clients: 1. In the \rsa\radius\ directory, edit the securid.ini file and change these lines as such: [configuration] ; enable = 0 (leave this commented out) CheckuserAllowedbyClient=0 NOTE: The first line "[configuration]" above must be uncommented 2. Restart the RSA RADIUS service (through the RSA Control Panel) or, in UNIX, with the following commands: /etd/init.d/sbrd stop force /etc/init.d/sbrd start |
| Notes | This makes the system more flexible as it allows any radius client with the proper RADIUS Shared key to be able to authenticate. This does have two drawbacks: 1. since <ANY> radius client will have a chance to authenticate, this is less secure than having a specific list of clients 2. The AM logs may not show the client names, which may not be acceptable in all environments See A60636 for a similar solution for AM7.1 or RSA Appliance 3.0 |
| Legacy Article ID | a30024 |