000025715 - How to ensure Agent Hosts for RADIUS clients are not required when setting up RSA RADIUS / RSA Authentication Manager 6.1

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025715
Applies ToRSA Authentication Manager 6.1
RSA RADIUS Server 6.1 Powered by Funk Steel-Belted RADIUS
IssueHow to ensure Agent Hosts for RADIUS clients are not required when setting up RSA RADIUS / RSA Authentication Manager 6.1
RADIUS client <ANY>
Error: "Agent host not found" in RSA Authentication Manager activity log
RADIUS client <ANY>
CauseBy default, you must add RADIUS clients in "Manage Radius" AND Agent Hosts in Database Administration for any RADIUS client
ResolutionTo configure RSA RADIUS to only require RADIUS clients:

1. In the \rsa\radius\ directory, edit the securid.ini file and change these lines as such:


; enable = 0                            (leave this commented out)


NOTE: The first line "[configuration]" above must be uncommented

2.  Restart the RSA RADIUS service (through the RSA Control Panel) or, in UNIX, with the following commands:

/etd/init.d/sbrd stop force

/etc/init.d/sbrd start

This makes the system more flexible as it allows any radius client with the proper RADIUS Shared key to be able to authenticate.  This does have two drawbacks:

1. since <ANY> radius client will have a chance to authenticate, this is less secure than having a specific list of clients

2. The AM logs may not show the client names, which may not be acceptable in all environments

See A60636  for a similar solution for AM7.1 or RSA Appliance 3.0
Legacy Article IDa30024