Centralized configuration management – RSA Security 6.1 User Manual

Page 28

background image

16

About RSA RADIUS Server

September 2005

If an attribute appears once in the checklist marked as

default

, and the same

attribute appears in the return list marked as

echo

, the server echoes the actual

value of the attribute in the RADIUS response if the attribute appears in the
RADIUS request. If the attribute does not appear in the RADIUS request, the
server echoes the default value (from the checklist) in the response.

If you add multiple values of the same attribute to the checklist, only one of them
can be marked as default.

For example, an administrator adds several Callback-Number values to the
checklist and marks one of them as default. The administrator adds

Callback-Number

to the return list and specifies it as echo.

X

If a Callback-Number value is present in the RADIUS request, it must match
one of the checklist values or the user is rejected.

X

If it does match, the user is accepted and the value supplied is echoed in the
RADIUS response.

X

If no

Callback-Number

is supplied in the request, the user is accepted and

the default value is echoed in the response.

Other checklist attributes provide configuration for the user, such as time-of-day
and concurrent-login-limit information.

Centralized Configuration Management

The RSA RADIUS Server supports the replication of RADIUS configuration
data from a Primary RADIUS Server to a maximum of 10 Replica RADIUS Servers
within a realm on a customer network. Replica servers help balance the load of
authentication requests coming in from RADIUS clients, and ensure that
authentication services are not interrupted if the Primary or other Replica
RADIUS servers stops working.

All the servers within a realm reflect the current configuration specified by the
network administrator: the network administrator modifies the configuration on
the Primary RADIUS Server, and the Primary RADIUS Server propagates the
new configuration to its Replica RADIUS Servers. For example, after a network
administrator configures a new RADIUS client or profile on the Primary
RADIUS Server, the network administrator tells the Primary RADIUS Server to
publish a configuration package file (

replica.ccmpkg

) that contains the

updated configuration information. After publication, the Primary RADIUS
Server notifies each Replica RADIUS Server that a new configuration package is
ready. Each Replica then downloads and installs the configuration package to
update its settings.