How to ensure Agent Hosts for RADIUS clients are not required when setting up RSA RADIUS / RSA Authentication Manager 6.1
2 years ago
Originally Published: 2006-03-17
Article Number
000060050
Applies To
RSA Authentication Manager 6.1
RSA RADIUS Server 6.1 Powered by Funk Steel-Belted RADIUS
Issue
How to ensure Agent Hosts for RADIUS clients are not required when setting up RSA RADIUS / RSA Authentication Manager 6.1
RADIUS client <ANY>
Error: "Agent host not found" in RSA Authentication Manager activity log
RADIUS client <ANY>
Cause
By default, you must add RADIUS clients in "Manage Radius" AND Agent Hosts in Database Administration for any RADIUS client
Resolution
To configure RSA RADIUS to only require RADIUS clients:

1. In the \rsa\radius\ directory, edit the securid.ini file and change these lines as such:

[configuration]

; enable = 0                            (leave this commented out)

CheckuserAllowedbyClient=0

NOTE: The first line "[configuration]" above must be uncommented

2.  Restart the RSA RADIUS service (through the RSA Control Panel) or, in UNIX, with the following commands:

/etd/init.d/sbrd stop force

/etc/init.d/sbrd start
Notes

This makes the system more flexible as it allows any radius client with the proper RADIUS Shared key to be able to authenticate.  This does have two drawbacks:

1. since <ANY> radius client will have a chance to authenticate, this is less secure than having a specific list of clients

2. The AM logs may not show the client names, which may not be acceptable in all environments


See A60636  for a similar solution for AM7.1 or RSA Appliance 3.0

Related Articles

Trending Articles

Don't see what you're looking for?