Allow a large number of RADIUS clients to authenticate without adding an agent for each client in RSA Authentication Manager 8.x
Originally Published: 2015-10-11
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
- Add a large number of RADIUS clients to Authentication Manager.
- How to configure <ANY> RADIUS client.
- How to allow the system to authenticate users from clients without agents.
- What to do if authentication fails after adding <ANY> RADIUS client in Security Console.
Tasks
When an ANY client sends a network request to its' associated RADIUS server, the RADIUS server confirms the shared secret and forwards the request without any client information to Authentication Manager for authentication.
Resolution
- Log into the Authentication Manager primary's Security Console and navigate to RADIUS > RADIUS Clients > Add New.
- Enable the option to Accept authentication requests from any RADIUS client using the shared secret specified for this client.
- Enter the RADIUS Shared Secret.
- Click Save.
Now allow the system to authenticate users from clients without agents by following the steps below:
- Log into the Operations Console on the primary and navigate to Deployment Configuration > RADIUS Servers.
- Click on the server name and select Manage Server Files.
- Click on securid.ini file and select Edit.
- Set the file parameter for CheckUserAllowedByClient to 0. By default, this parameter is set to 1, which allows the system to authenticate users from clients with an assigned agent.
- Click Save & Restart RADIUS Server. so the file changes can be read by the system.
Changes made to RADIUS server files are not replicated to other servers in your deployment. Repeat steps 1 - 5 on each replica in your deployment.
