000033590 - Automatically Shutting Down RSA RADIUS on Startup of an RSA Authentication Manager SecurID Appliance 8.1

Document created by RSA Customer Support Employee on Jul 21, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number
000033590

Applies To
RSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
Product Description : SecurID Appliance

Issue
An administrator has a requirement to ensure the RSA RADIUS server is stopped on startup of the SecurID Appliance.

Resolution

RSA RADIUS is automatically installed and configured during the Authentication Manager installation, and it actively listens on ports 1654/UDP and 1812/UDP for RADIUS authentications from RADIUS-enabled devices.
The following steps add one line to the Authentication Manager startup script (/etc/init.d/rsaservmgr). The new line instructs the RSA RADIUS server to shut down in a tidy fashion after all of the Authentication Manager services have started.


  1. Log on to the command line using the rsaadmin account.
  2. Navigate to the folder where the startup script resides by entering the command cd /etc/init.d
  3. Use an editor (such as vi) to add one line to the Authentication Manager startup script rsaservmgr.
In the start) section of the case statement, locate the line exit $? and insert this line above it:
    /bin/su $INSTALL_USER -l -c "pushd $INSTALL_ROOT > /dev/null; server/rsaserv stop radius; popd > /dev/null"
Example:
    if [[ -e $INSTALL_ROOT/server/wrapper/ReplicaReplicationService.lock ]];
    then
        rm -f $INSTALL_ROOT/server/wrapper/ReplicaReplicationService.lock
    fi
    /bin/su $INSTALL_USER -l -c "pushd $INSTALL_ROOT > /dev/null; server/rsaserv $*; popd > /dev/null"
    /bin/su $INSTALL_USER -l -c "pushd $INSTALL_ROOT > /dev/null; server/rsaserv stop radius; popd > /dev/null"
    exit $?
    ;;

The inserted line is the second /bin/su line (the one containing server/rsaserv stop radius), directly above exit $?.
 


  4. After saving the change, reboot the SecurID Appliance using the command sudo reboot, and enter the rsaadmin account password when prompted.
Example:
rsaadmin@app81p:~> sudo reboot
rsaadmin's password:


  5. After the SecurID Appliance has finished rebooting, log on with the rsaadmin account and check the Authentication Manager status with the command /opt/rsa/am/server/rsaserv status
Example:
rsaadmin@app81p:~> /opt/rsa/am/server/rsaserv status
RSA Database Server                                        [RUNNING]
RSA Administration Server with Operations Console          [RUNNING]
RSA RADIUS Server Operations Console                       [RUNNING]
RSA Runtime Server                                         [RUNNING]
RSA RADIUS Server                                          [SHUTDOWN]
RSA Console Server                                         [RUNNING]
RSA Replication (Replica)                                  [RUNNING]
rsaadmin@app81p:~>
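
The status check in the last step can be scripted so it also confirms that nothing is still bound to the RADIUS ports. This is an added example, not RSA code or part of the original article; the function names, the use of netstat -lnu for the socket list, and the sample input are assumptions of the example.

```shell
#!/bin/sh
# Added example (not RSA code): confirm RSA RADIUS stayed down after a reboot.
RADIUS_PORTS="1654 1812"   # ports as listed in the article; adjust to your deployment

# State of the "RSA RADIUS Server" service from `rsaserv status` output on stdin.
# The whole line is matched because a plain grep for "RSA RADIUS Server" would
# also hit "RSA RADIUS Server Operations Console", which stays RUNNING.
radius_state() {
    sed -n 's/^RSA RADIUS Server[[:space:]]*\[\([A-Z]*\)\][[:space:]]*$/\1/p'
}

# RADIUS ports with a UDP listener, from `netstat -lnu` output on stdin.
# Column 4 is the local address; the port follows its last colon.
listening_radius_ports() {
    awk -v ports="$RADIUS_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^udp/ { port = $4; sub(/.*:/, "", port); if (port in want) print port }
    ' | sort -un
}

# Succeeds only if RADIUS reports SHUTDOWN and none of its ports is bound.
# $1 = `rsaserv status` output, $2 = `netstat -lnu` output
radius_is_down() {
    [ "$(printf '%s\n' "$1" | radius_state)" = "SHUTDOWN" ] || return 1
    [ -z "$(printf '%s\n' "$2" | listening_radius_ports)" ]
}

# Constructed sample input, used unless the script is run with the argument "live".
SAMPLE_STATUS='RSA RADIUS Server Operations Console                       [RUNNING]
RSA Runtime Server                                         [RUNNING]
RSA RADIUS Server                                          [SHUTDOWN]'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:123             0.0.0.0:*'

if [ "${1:-}" = "live" ]; then
    status=$(/opt/rsa/am/server/rsaserv status); sockets=$(netstat -lnu)
else
    status=$SAMPLE_STATUS; sockets=$SAMPLE_NETSTAT
fi
if radius_is_down "$status" "$sockets"; then
    echo "OK: RSA RADIUS is shut down and not listening"
else
    echo "FAIL: RSA RADIUS is running or a RADIUS port is still bound" >&2
fi
```

Run it with the argument live on the appliance to check the real service state; without arguments it only exercises the constructed sample.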

 
Notes
IMPORTANT: Changing the Authentication Manager script (/etc/init.d/rsaservmgr) is not officially supported by RSA.
