Designating a new primary radius server, Recovering a replica after a failed download – RSA Security 6.1 User Manual

Page 82


Administering RADIUS Servers

September 2005

Designating a New Primary RADIUS Server

You can change which server within a realm is designated as the Primary
RADIUS Server for that realm.

To designate a new Primary RADIUS Server:

1. Stop the RADIUS service/daemon on the Replica RADIUS Server.

2. Log into the Replica RADIUS Server as root (Solaris/Linux) or
   administrator (Windows).

3. Navigate to the ..RSA Radius\Service (Windows) or /opt/rsa/radius
   (Solaris/Linux) directory.

4. Run the rsainstalltool (Windows) or rsaconfiguretool (Solaris/Linux)
   utility with the promote option.

   # ./rsaconfiguretool -promote

   The utility creates a configuration package to change this server to the
   Primary server.

5. Restart the updated Replica RADIUS Server to make it the new Primary
   RADIUS Server.

6. Publish a new configuration package administratively to configure all
   Replica RADIUS Servers to use the new Primary RADIUS Server.

After you designate a new Primary RADIUS Server for a realm, you can
configure the old Primary RADIUS Server as a Replica RADIUS Server by
downloading a configuration package published by the new Primary RADIUS
Server.

NOTE: If your old Primary RADIUS Server used aliases to handle
authentication requests, you must configure aliases on the new Primary
RADIUS Server after you promote it, and you must define an alias on the
corresponding Agent Host record in the RSA Authentication Manager
(Agent Host > Edit Agent Host > RADIUS Configuration).

Recovering a Replica After a Failed Download

If a Replica RADIUS Server fails during the download of a configuration
package, its configuration may be corrupted or it may have a stale secret.

To recover after a failed download:

1. Stop the RSA RADIUS service/daemon on the Replica RADIUS Server.
