RSA Security Home Security System 3.6.0 User Manual
RSA SecurID Authentication Command Examples
This section provides examples of all of the commands that are used to specify settings for the RSA
Authentication Manager servers.
Authentication Manager servers.
AAA:0 >>securid primary authentication server address 10.242.131.11
AAA:0 >>securid authentication port 4500
AAA:0 >>securid primary authentication server name bigsky1.com
AAA:0 >>securid authentication encryption des
AAA:0 >>securid authentication retransmit 7
AAA:0 >>securid authentication timeout 3
AAA:0 >>securid authentication version version_5
AAA:0 >>securid authentication port 4500
AAA:0 >>securid primary authentication server name bigsky1.com
AAA:0 >>securid authentication encryption des
AAA:0 >>securid authentication retransmit 7
AAA:0 >>securid authentication timeout 3
AAA:0 >>securid authentication version version_5
Note: *If you do not specify a UDP port, retransmit value, timeout,
version, encryption, or name for the RSA Authentication Manager server,
the LX unit will use the default values for these settings.
the LX unit will use the default values for these settings.
RSA SecurID Local Subscriber Feature
Under the RSA Authentication Manager Local Subscriber Feature, a subscriber can be logged on in one
of two ways:
of two ways:
•
As an LX subscriber with the attributes of that subscriber (if the LX subscriber account exists)
•
Or, if the LX subscriber account does not exist, as the default (InReach) subscriber.
Under either scenario, the subscriber must have an account on the RSA Authentication Manager server.
If the subscriber account also exists on the LX unit, the subscriber is logged on under that account and
given the attributes of that account. If the subscriber account does not exist on the LX unit, the subscriber
is logged on under his RSA Authentication Manager account with the attributes of the default (InReach)
account.
If the subscriber account also exists on the LX unit, the subscriber is logged on under that account and
given the attributes of that account. If the subscriber account does not exist on the LX unit, the subscriber
is logged on under his RSA Authentication Manager account with the attributes of the default (InReach)
account.
Use the securid local subscriber enable command to configure the RSA Authentication Manager Local
Subscriber Feature for the LX unit; for example:
Subscriber Feature for the LX unit; for example:
AAA:0 >>securid local subscriber enable
When the RSA Authentication Manager Local Subscriber Feature is set to only, the subscriber can only
be logged in if the subscriber account is configured on both the LX unit and the RSA Authentication
Manager server and the subscriber account on the LX server has the same name as the subscriber
account on the RSA Authentication Manager server.
be logged in if the subscriber account is configured on both the LX unit and the RSA Authentication
Manager server and the subscriber account on the LX server has the same name as the subscriber
account on the RSA Authentication Manager server.
Use the securid local subscriber only command to set the RSA Authentication Manager Local
Subscriber Feature to only; for example:
Subscriber Feature to only; for example:
AAA:0 >>securid local subscriber only
RSA SecurID sdconf.rec
The LX software now supports the import of sdconf.rec files. To use the sdconf.rec file, download it into
the LX / config directory. If this file is present on the LX, the RSA Authentication Manager system
characteristics included within the sdconf.rec file will be used, and configuration of the RSA
Authentication Manager attributes will be blocked at the CLI command level.
the LX / config directory. If this file is present on the LX, the RSA Authentication Manager system
characteristics included within the sdconf.rec file will be used, and configuration of the RSA
Authentication Manager attributes will be blocked at the CLI command level.
To download the sdconf.rec file:
1. Go to the shell.
2. Change to the directory cd / config directory.
3. From /config, perform an FTP and retrieve the sdconf.rec file.
2. Change to the directory cd / config directory.
3. From /config, perform an FTP and retrieve the sdconf.rec file.
5