|
|
This chapter provides installation and troubleshooting instructions for Cisco Access Registrar.
Cisco Access Registrar consists of the RADIUS (Remote Authentication Dial-In User Service) server, which enables NASs (multiple dial-in Network Access Server devices) to share a common database for the purpose of authentication, authorization, and accounting.
Cisco Access Registrar includes the following features:
Before you begin installing Cisco Access Registrar, make sure your site meets the server and client hardware, and the software requirements described in this section.
The requirements for installing Cisco Access Registrar are described in this section.
Table 1-1 lists the system requirements for a full installation of Cisco Access Registrar.
| Component | Requirement |
|---|---|
CPU Architecture | SPARC |
OS Version | Solaris 2.5.1 |
Minimum RAM | 64 MB |
Recommended RAM | 128 MB |
Recommended Disk Space | 80 MB |
Table 1-2 lists the system requirements for installing the server-only component of Cisco Access Registrar.
| Component | Requirement |
|---|---|
CPU Architecture | SPARC |
OS Version | Solaris 2.5.1 |
Minimum RAM | 64 MB |
Recommended RAM | 128 MB |
Recommended Disk Space | 60 MB |
Table 1-3 lists the system requirements for installing the configuration-only component of Cisco Access Registrar.
| Component | Requirement |
|---|---|
CPU Architecture | SPARC |
OS Version | Solaris 2.5.1 |
Minimum RAM | 32 MB |
Recommended RAM | 64 MB |
Recommended Disk Space | 25 MB |
 | Caution The recommended disk space does not include the amount of space needed for accounting records which can grow rapidly depending on how frequently you process and remove them from the Cisco Access Registrar disk. If Cisco Access Registrar runs out of disk space, it could cause the loss of accounting information and session management information to become corrupted. |
Depending on whether you received the Cisco Access Registrar software on a product CD or electronically, the installation instructions differ. When you received the software on a product CD, go to section "Installing from the Product CD". When you received the software electronically, do the following:
Step 1 Create a temporary directory (for example, /tmp/AR) to hold the uncompressed installation package.
Step 2 Become root user by typing su, then type the root password.
Step 3 Extract the files from the AR13R1.tar.gz archive into the temporary directory you created in Step 1.
Step 4 Invoke the following command:
host# pkgadd -d /tmp/AR
where, for example, /tmp/AR is the directory you created in Step 1.
Step 5 Go to section "Common Installation Steps".
Step 1 Insert the Cisco Access Registrar product CD into your CD-ROM drive or mount the CD-ROM from your remote server.
Step 2 Become root user by typing su, then type the root password.
Step 3 Invoke the following command:
host# pkgadd -d <cdrom drive>
where <cdrom drive> is the CD-ROM mount point.
Step 1 You are prompted for the package you want to install. Select 1 or the default.
Step 2 Select the location where you want the package installed or accept the default. If the directory does not exist, you are asked if you want it created. Choose Yes.
Step 3 You are prompted for the type of installation you want: Full (both the server and the configuration utility), Server-only, or Configuration-only. Select 1 or accept the default (Full).
(a) If the installation detects a configuration database from a previous installation of Cisco Access Registrar, it asks you if you want to overwrite the database. If you want to start with a clean configuration and remove your session information answer Yes. If you want to keep your original configuration information, answer No.
(b) If you answer No to overwriting the database, the installation asks you if you want to overwrite the session information. If you want to start with an empty session information, answer Yes. If you want to keep your original information, answer No.
Step 4 The installation informs you that it will install scripts that will run as the superuser (su). Answer Yes. If you answer No, the installation will abort.
Step 5 The installation copies all of the files, and starts the AIC Server Agent, which in turn, starts the Cisco Access Registrar server, if you chose to install the server.
Step 6 The installation displays a message informing you it completed successfully.
Step 7 The installation returns to the opening prompt. Choose q to quit the pkgadd program.
The installation populates the AICar1 directory with the subdirectories listed in Table 1-4.
| Subdirectory | Description |
|---|---|
bin | Contains the program executables. |
usrbin | Contains user commands. |
data | Contains the radius directory, which contains session backing files; and the db directory, which contains configuration database files. |
logs | Contains system logs and is the default directory for RADIUS accounting. |
scripts | Contains sample scripts that you can modify to automate configuration, and to customize your RADIUS server. |
examples | Contains documentation, sample configuration scripts, and shared library scripts. |
After you have installed Cisco Access Registrar, which automatically starts the AIC Server Agent, you can verify that the server is running correctly with the aicstatus command. Successfully running this command ensures that you can communicate with the database, communicate with the RADIUS server, and determine whether the server is running or stopped. You can run the aregcmd to log in to the server. You can also run the radclient command to create and send a simple Access-Request.
Step 1 Check that the servers are running, type the aicstatus command:
> /opt/AICar1/usrbin/aicstatusRADIUS server running (pid: 649)
MCD server running (pid: 648)
Server Agent running (pid: 647)
MCD Lock Manager running (pid: 651)
Step 2 If the servers are not running, do the following:
(a) Become superuser (su).
(b) Change to the /etc/init.d directory.
(c) Type the aicservagt command with the start argument:
> ./aicservagt startStarting AIC Server Agent for Access Registrar
Step 1 After the servers are running, run the aregcmd command in interactive mode:
> /opt/AICar1/usrbin/aregcmd
Step 2 Cisco Access Registrar prompts you for the cluster. Type the cluster name or press Enter for localhost.
Step 3 Cisco Access Registrar prompts you for the admin login and password. Use admin for the admin name, and aicuser for the password.
Step 4 Cisco Access Registrar prompts you to enter a valid license key. Enter the license key that is located on the back of the Cisco Access Registrar CD case.
For more information about the license key, see the "Using Cisco Access Registrar's License" section.
Step 1 Run the radclient command.
> /opt/AICar1/usrbin/radclient
Step 2 Enter the cluster name.
Step 3 Enter the administrator's username and password (as defined in Cisco Access Registrar's configuration). Use admin for the admin name, and aicuser for the password.
Step 4 Create a simple Access-Request packet for User-Name bob and User-Password bob. At the prompt, type:
The radclient command displays the ID of the packet p001.
Step 5 Send the request to the default host (localhost), type:
--> p001 sendp002
--> p002Packet: code = Access-Accept, id = 1, length = 62,
attributes =
Service-Type = Framed
Framed-Protocol = PPP
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = VJ TCP/IP header compression
Ascend-Idle-Limit = 1800
-->
The radclient command displays the response, an Access-Accept, when the server is running properly.
Step 1 Type the aregcmd command.
> /opt/AICar1/usrbin/aregcmd
Step 2 Type your cluster administrator name and password. The installation default is admin for the administrator and aicuser for the password.
Step 3 When you see the message that you have an invalid license key, you must enter a valid key.
Step 4 Cisco Access Registrar displays the license key at the cluster level and displays the number of days left on the license. For example:
[ //RadiusServer ] LicenseKey = WXYZ-WXYZ-WXYZ-WXYZ (expires in 30 days) Radius/ Administrators/
If your license key has expired, and you have received a new license key from Cisco, you can enter the new key by using the set command.
Step 1 Type the aregcmd command.
> /opt/AICar1/usrbin/aregcmd
Step 2 Type your cluster administrator name and password. The installation default is admin for the administrator and aicuser for the password.
Step 3 Use the set command and specify the new license key. Note, the license key is not case sensitive.
--> set LicenseKey <ABCD>-<ABCD>-<ABCD>-<ABCD>
Posted: Thu Aug 19 08:09:49 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.