Training iChain to Talk to an RSA ACE/Server via RADIUS
Novell Cool Solutions: Tip
Posted: 18 Sep 2003
We are setting up iChain to talk directly to an RSA ACE/Server via RADIUS (we are not using NMAS at this point). A trace shows iChain is sending the RADIUS requests but receiving no responses. iChain can ping the ACE/Server and the RADIUS port (we are using 1812) is open. In the ACE/Server activity log we see the error "Agent Host not found." We have set up an agent host in the ACE/Server administration utility and configured it with the DNS/IP address of our iChain server, agent type of Net OS (tried other agent types too), DES encryption, set to use all locally known users, encryption key equal to the shared secret, and associated the agent host with an ACE/Server (only 1 in this environment). We also generated the configuration file and restarted all of the ACE/Server services. We are using ACE/Server version 5.1 on Windows 2003.
Turns out it was wrong to add the iChain server as a secondary node to the ACE/Server agent host. The ACE/Server agent host is still required but we had to add iChain as a separate agent host. We also had to install the agent client software on the ACE/Server and disable a second NIC in the server (which was not being used but had picked up a 169.254... address). As soon as we did these things it began working successfully.
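A pre-flight check for the multi-homed condition described above, as an added example that is not part of the original tip: it flags auto-assigned 169.254.0.0/16 addresses on a host and compares the source address the OS would pick for RADIUS traffic with the address registered for the agent host. The function names, interface names and 192.0.2.x addresses are constructed for illustration, and the comparison assumes the registered agent host address has to match the address the traffic actually uses.

```python
import ipaddress
import socket


def udp_source_address(server, port=1812):
    """Return the local IPv4 address the OS would use to reach server over UDP.

    connect() on a datagram socket only selects a route; no packet is sent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((server, port))
        return s.getsockname()[0]


def audit_host(local_addrs, registered_ip, source_ip):
    """Return a list of (code, detail) findings for one host.

    local_addrs   -- iterable of (interface_name, address) pairs
    registered_ip -- address entered for this host in the agent host record
    source_ip     -- address actually used for traffic to the other side
    """
    findings = []
    registered = ipaddress.ip_address(registered_ip)
    for name, addr in local_addrs:
        ip = ipaddress.ip_address(addr)
        # 169.254.0.0/16 is what an unconfigured NIC assigns itself.
        if ip.is_link_local:
            findings.append(("LINK_LOCAL_NIC", f"{name} has auto-assigned {ip}"))
    if ipaddress.ip_address(source_ip) != registered:
        findings.append(
            ("SOURCE_MISMATCH", f"traffic leaves from {source_ip}, record says {registered}")
        )
    return findings


if __name__ == "__main__":
    # Constructed inventory: one configured NIC, one unused NIC on APIPA.
    nics = [("eth0", "192.0.2.10"), ("eth1", "169.254.10.20")]
    for code, detail in audit_host(nics, "192.0.2.10", "169.254.10.20"):
        print(code, detail)
```

On a live host, pass the output of `udp_source_address()` for the peer's address as `source_ip` and the interface list from the operating system as `local_addrs`.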
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com