Important: Before installing an RSA RADIUS replica server, be sure that the clock on the RADIUS replica server is synchronized with the clock on the RADIUS primary server.
Before installing an RSA RADIUS replica server on a machine separate from Authentication Manager, you must complete the following steps:
1. Install the Authentication Manager primary instance.
2. Install the RADIUS primary instance.
3. Copy the RADIUS package file that you created on the Authentication Manager primary instance to the machine where the RADIUS replica instance will be installed. (The RADIUS package file is named AMprimaryhost-radius.pkg and is in the directory RSA_AM_HOME/utils on the Authentication Manager primary instance.)
4. Copy the RADIUS replica package file, replica.ccmpkg, (which is created automatically when the RADIUS primary server is installed) to the RADIUS replica host machine. Alternatively, you could provide the information in the replica package file when prompted during the RADIUS replica installation.
You can perform an installation using the GUI or the command line interface. Use the GUI-based installer if you prefer standard graphical screens to assist you through the process. If you prefer a command line interface, you can use the command line installer.
Important: In most cases, once you have installed Authentication Manager, you cannot change the installation type or add RADIUS to the same machine, unless you uninstall Authentication Manager and reinstall it using the appropriate installation type. (You can, however, promote a replica to a primary, for both Authentication Manager and RADIUS, without reinstalling.) Before you uninstall and reinstall, be sure to back up the Authentication Manager database, the RADIUS database, or both, and restore the databases after reinstalling. If you prefer, you can add RADIUS to your deployment on a separate machine, rather than uninstalling and reinstalling
Authentication Manager.
Installation time varies depending on system speed and memory. Make sure that you allow at least one hour to perform the installation.
Note: When using the GUI-based installer on Solaris and Linux operating systems, the Display environment variable must be defined and set to a display server configured to allow access.
Copying the RSA RADIUS Replica Package File
Before you start the actual installation process, decide whether you want to use the replica package file replica.ccmpkg that was created automatically on the RADIUS primary server during installation. The RADIUS replica package file contains information about the RADIUS primary server that is needed by the RADIUS replica server.
As an alternative to using the RADIUS replica package file, you could enter the required information manually during the RADIUS replica installation process. You would have to enter the following information when prompted: primary server name, primary server IP address(es), and the replication secret.
Note: One advantage to using the replica package file is that you do not have to memorize or store the replication secret, which should be a large, random password.
To copy the RADIUS replica package file:
1. On the RADIUS primary server, locate the RADIUS replica package file, replica.ccmpkg, in RSA_AM_HOME\radius\Service (Windows) or RSA_AM_HOME/radius (Linux or Solaris).
2. Copy the replica.ccmpkg file to a directory on the RADIUS replica machine.
RSA recommends that you transfer the package file through a secure network or by removable media. Make note of where you copy the package file on the RADIUS replica machine as the location will be required during the RADIUS replica installation.
Important: If you transfer the file using FTP, use binary mode to avoid corrupting the
RSA Authentication Manager 7.1 Installation and Configuration Guide
80 7: Installing RSA RADIUS on a Separate Machine
To install a standalone RADIUS replica:
1. Locate and launch the installer for your platform, using the information in the following table.
Note: For the command line interface, you must add the -console option to the command. The command line installer displays navigation prompts with instructions on how to proceed or select options.
2. On the Welcome screen, click Next.
3. If you are installing Authentication Manager on a Solaris or Linux operating system, specify the local user.
Note: This cannot be root user. RSA recommends that you set up an account specifically for the Authentication Manager installation that can be accessed by any administrator. Do not use a personal account.
4. Respond to the prompts for Select Region and License Agreement.
5. Select Radius Only.
Important: At this point, the installer informs you of unmet or missing requirements and prerequisites for installation and offers you the option to continue anyway. Select Continue anyway only if you are directed to do so by RSA Customer Support or if you are certain that you want to accept the risk.
6. When the installer displays the name and path of the directory where RADIUS will be installed, verify the information and click Next. To select a different location, click Browse.
7. When the installer displays the hostname and IP address that will be used for installation, verify the information and click Next. If it is not correct, modify the information as necessary.
8. Click Browse to find and select the directory that contains your Authentication Manager license file, server key, and certificate files. Click Next.
9. Verify the license information, and click Next.
10. Browse to the location of the RADIUS package file containing information about the Authentication Manager primary instance. You must also enter the master password that you created when you installed the Authentication Manager primary instance.
Platform Location Command
Windows 32-bit auth_mgr\win32-x86 setup.exe
Linux 32-bit auth_mgr/linux-x86 setupLinux.sh
Solaris 10-sparc auth_mgr/solaris-sparc_64 setupSolaris.sh
11. Enter the user name and password of an administrator with the Super Admin role.
12. Select the realm with which the RADIUS server will be associated, and click Next.
13. When prompted for the RADIUS server type, click Next. The appropriate RADIUS server type is selected by default and cannot be changed.
14. When the installer displays an automatically generated local system account for the RADIUS administrator, click Next. This account is required for certain RADIUS functions, but you do not need to use it.
15. Do one of the following:
• If you want to use the replica.ccmpkg package file that you copied from the primary RADIUS server to provide the configuration information about the primary RADIUS server, select Replica package file, and click Next. The installer then prompts you for the location of the replica.ccmpkg file. Click Browse to provide the location of the replica package file, and click Next.
• If you want to provide the configuration information about the primary RADIUS server manually through an additional installation screen, select Enter primary RADIUS server hostname, IP address and replication secret manually, and click Next. The installer then prompts you to enter the primary server name, as many as four primary server IP addresses separated by commas, the replication secret, and a confirmation of the replication secret.
Click Next.
16. When prompted to import a version 6.1 RADIUS database, make sure that No is selected and click Next.
17. Review the summary screen, verifying the features you have selected and the disk space required.
18. To begin copying RADIUS files, click Install.
The installer begins copying files and displays a progress indicator.
19. Click Finish to close the installer.
For post-installation RADIUS server and client configuration information, see
“Integrating the RSA RADIUS Server into the Existing Deployment” on page 122.
For testing information, see “Testing RSA RADIUS Operation” on page 123.
If you encounter any problems installing RADIUS, see Chapter 13,
“Troubleshooting.”