August 3, 2011 Article Version: 1.0 Description: This article demonstrates how to setup Radius authentication failover between multiple SafeWord authentication servers. Please note that there are many different ways a radius server can be configured for failover, however in this case, the built-in SafeWord failover mechanism will be used. Steps to reproduce In this scenario, we are using three different servers, including two independent SafeWord authentications servers and a radius server. Moreover, the radius server is setup to failover to either one of the authentication server in case one is unavailable. Cause: Failover between SafeWord authentication servers can fail for different reasons that might not be apparent. In many cases the problem is related to the communication between the authentication engine (AAA) and the Radius server. These communication problems include but not limited to following: 1234- Swec.md5 error, which is related to ssl communication via the SafeWord eaap protocol. Firewall between the Radius server and the SafeWord authentication server. Missing authentication server information in the NFuseStrongAuthenticator.cfg file. Missing authentication engine in the SafeWord RADIUS Server Configuration Solution: In this article we will not focus on the on 1 and 2 because there are other articles dealing with these specific topics, instead, will look into 3 and 4. August 3, 2011 Article Version: 1.0 To configure SafeWord Radius for failover, please follow the steps below: 1- Open the SafeWord RADIUS Server Configuration page 2- Click on the Authentication engine and list you SafeWord authentication servers by IP address. Please note the IP needs to be saved to commit the change and click OK. August 3, 2011 Article Version: 1.0 3- Now, click on Radius client and add your radius client. For example, a Juniper VPN device can be listed here with the same secret key as the one setup on juniper for radius authentication. Please note that the client has to have a configuration for the radius server. August 3, 2011 Article Version: 1.0 4- Finally ensure that both SafeWord authentication servers are listed in the NFuseStrongAuthenticator.cfg file, located in the SafeWord installation directory (C:\Program Files\Aladdin\SafeWord\Common) on SafeWord radius server. Applies to all versions of SafeWord except SafeWord RemoteAccess
© Copyright 2024