RAD-Series 7.1 Getting Started Guide

Interlink Networks, Inc.

Page 15

Basic Server Configuration

Before beginning server configuration, set up all your network devices, and list all shared secrets and device vendors. You’ll need this information to complete the server configuration.

To start configuring the AAA Server, access Server Manager.

To quit configuration at any time, just close your browser. 

Load Configurations

Load the current server configurations into the Server Manager workspace. The initial download will contain the default wired configuration used to test the server installation.

1. In the Navigation frame, click Load Configurations.

2. In the Workspace frame, select the server to pull configurations from.

3. Click Load.
   You’ll be notified when the transfer is complete.

Define Access Devices

Enter the IP address and a shared secret for each access point in your network.

You can enter any valid IP address (e.g., 192.44.3.11) or fully-qualified DNS name (e.g., nas.yourcompany.com).

The shared secret is the code that will be used to establish a trust relationship between the access device and the server. The shared secret can’t exceed 255 characters or contain spaces.

1. In the Navigation frame, click Define Access Devices.

2. In the Workspace frame, click the New Access Device link or the Add button.

3. In Name, enter the IP address or fully-qualified domain name.

4. Enter and confirm the Shared Secret.

5. The Vendor field specifies which set of vendor-specific attributes to return in RADIUS messages sent to this device. Use CTRL + Click to select all that apply from the drop-down list. Choose Generic for none.

6. Click Create.
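
The following Python sketch is an added example, not part of the guide or of the RAD-Series software. It checks an access-device entry against the limits stated above and shows how the shared secret establishes trust in standard RADIUS (RFC 2865): the server signs each reply with the secret and the access device recomputes that signature. The function names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import re
import struct

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def check_access_device(name, secret):
    """Return a list of problems with one access-device entry (empty = OK)."""
    problems = []
    try:
        ipaddress.ip_address(name)
    except ValueError:
        labels = name.split(".")
        if (len(name) > 253 or len(labels) < 2 or labels[-1].isdigit()
                or not all(_LABEL.match(label) for label in labels)):
            problems.append("name is not an IP address or fully-qualified DNS name")
    if not secret:
        problems.append("shared secret is empty")
    if len(secret) > 255:
        problems.append("shared secret exceeds 255 characters")
    if " " in secret:
        problems.append("shared secret contains a space")
    return problems

def build_response(code, ident, request_auth, attrs, secret):
    """Server side: build a reply whose Response Authenticator is
    MD5(Code | ID | Length | Request Authenticator | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret.encode()).digest()
    return header + auth + attrs

def verify_response(packet, request_auth, secret):
    """Access-device side: recompute the authenticator with its own secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = build_response(code, ident, request_auth, packet[20:], secret)
    return hmac.compare_digest(expected[4:20], packet[4:20])

# Constructed sample: an Access-Accept (code 2) with no attributes.
REQUEST_AUTH = bytes(range(16))
REPLY = build_response(2, 7, REQUEST_AUTH, b"", "Xq7-constructed-secret")
```

A reply verifies only when both sides hold the same secret, so a mistyped secret on either the access device or the server causes every reply to be rejected.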
