On the Primary Authentication Manager Server

Add the Replicas to the Database:

1. Log on as root on the Primary.

2. Stop the Report Creation utility. Execute below from /ace/prog

./rptconnect stop

3. Stop the RSA Authentication Manager services and database brokers. Execute below
from /ace/prog directory

./aceserver stop
./sdconnect stop

4. To Generate the Replica Package

Excute the below command from /ace/prog directory
./sdsetup –package

One Primary and 1 Replica Servers in the database.

Current license allows adding 9 more Replica(s) to your database.
Do you want to add new Replicas before generating Replica Package? (y/n) [n]: n
There are '1' Replica(s) in the database.
Do you want to generate Replica Package for all known Replicas (y/n) [y]:
Generating Replica Package for all known Replica Servers.
RSA Authentication Manager Replica Management 6.1 [299]
Copyright (c) 1994-2005
RSA Security Inc.
Generating Replica package for the following systems:
--------------------------------------------------------------------
| Hostname | IP Address |
--------------------------------------------------------------------
| replica.securid.com | 192.168.142.52 |
--------------------------------------------------------------------
Creating package directories...
Updating database...
Truncating BI file...
Copying files into the package...
Finalizing package...
Package creation complete.
Replica package was generated successfully.

Start the Authentication Manager Services

Go to the installed /opt/ace/prog folder, execute
./sdconnect start
./aceserver start
Copy the created replica package from /ace/data folder to the replica machine
Add the Replica Server as a Agent Host by starting Authentication Manager Host
./sdadmin
Agent Host > Add Agent Host
Pre-Setup Instructions on Linux Replica Server
1. Check hostname and IP of the Server in the hosts file
cat /etc/hosts
192.168.142.52 replica.securid.com replica localhost.localdomain localhost
2. Add the hostname and IP address of the Primary Server in the /etc/hosts file
192.168.142.51 primary.securid.com primary localhost.localdomain localhost
192.168.142.52 replica.securid.com replica localhost.localdomain localhost

3. Add the below in the /etc/services

securid 5500/udp
securidprop_00 5505/tcp
securidprop_01 5506/tcp
securidprop_02 5507/tcp
securidprop_03 5508/tcp
securidprop_04 5509/tcp
securidprop_05 5510/tcp
securidprop_06 5511/tcp
securidprop_07 5512/tcp
securidprop_08 5513/tcp
securidprop_09 5514/tcp
securidprop_10 5515/tcp
sdlog 5520/tcp
sdserv 5530/tcp
sdreport 5540/tcp
sdadmind 5550/tcp
sdlockmgr 5560/tcp
sdcommd 5570/tcp
sdoad 5580/tcp
tacacs 49/tcp #TACACS+

4. Go to the Installation file folder, Execute

./sdsetup –replica
Below are the few screen instructions that we get during installation.

Are you a customer ordering this RSA product from RSA Security Inc., from either
North
America, South America or the People's Republic of China (Excluding Hong Kong)?
(y/n) [y]
Accept EULA Agreement
Do you accept the License Terms and Conditions
stated above? ([A]ccept/[D]ecline) [D] A
You must specify a top level directory path where the RSA Authentication Manager
software should reside.
Enter the top level directory path: /opt
What is the name of the Replica Package directory ? /root/replica_package
You have specified directory '/root/replica_package'. Is this correct: (y/n/q) [y]:
RSA Authentication Manager Configuration Utility 6.1 [299]
Upgrading sdconf.rec file.
If you have not done so already, ensure that the system time is set
accurately. To obtain the current Coordinated Universal Time
(UTC) you can call a reliable time service. You can call the
following United States telephone number +1 303-499-7111.
The system clocks on the Primary and Replica Servers
must be set to the same time (to within one minute).
The overall installation may take from 5 to 90 minutes.
The current time is Tue Oct 21 16:51:44 IST 2008
Moving RSA Authentication Manager Replica Server software to
'/opt/ace/prog'...
The current time is Tue Oct 21 16:51:44 IST 2008
Moving RSA Authentication Manager database software to
'/opt/ace/rdbms'...
The current time is Tue Oct 21 16:51:44 IST 2008
Uncompressing Progress software...
The current time is Tue Oct 21 16:51:44 IST 2008
Uncompressing RSA Authentication Manager Replica Server software...
The current time is Tue Oct 21 16:51:51 IST 2008
Moving all utility files into
/opt/ace/utils...
The current time is Tue Oct 21 16:51:51 IST 2008
Moving README files into
/opt/ace/doc...
The current time is Tue Oct 21 16:51:51 IST 2008
Moving all admin utility files into
/opt/ace/utils...
The current time is Tue Oct 21 16:51:52 IST 2008
Creating RSA Authentication Manager Replica Server runtime scripts...
Changing file group IDs...
The current time is Tue Oct 21 16:51:54 IST 2008
Changing file ownerships...
The current time is Tue Oct 21 16:51:54 IST 2008
Changing file permissions...
Created symbolic link /usr/lib/libsdxauthr.so to reference
external authorization library /opt/ace/prog/libsdxauthr.so
The current time is Tue Oct 21 16:51:54 IST 2008
Applying database files from Replica Package...
Creating new databases......
Copyright 1994 - 2005 by RSA Security Inc.
RSA Authentication Manager 6.1
---ALL RIGHTS RESERVED---
Creating server database...
Creating log database...
New log database creation completed
Server database has been initialized
New server database creation completed
Preparing databases......
Copying database files from /root/replica_package/database directory.
Do you want to modify service name and port number for the current Replica Server?
(y/n) [n]:
y
Settings for current Replica are:
Service Name: "securidprop_01"
Port Number: "5506"
Enter new Service Name or press Enter to leave it unchanged:
Enter new Port Number or press Enter to leave it unchanged:
No new Service Name or Port Number has been specified.
The current settings will remain unchanged.
Changing file group IDs...
The current time is Tue Oct 21 16:52:15 IST 2008
Changing file ownerships...
Copyright 1994 - 2005 by RSA Security Inc.
RSA Authentication Manager 6.1
---ALL RIGHTS RESERVED---
Server License and Configuration 6.1 [299]
LICENSE CREATION: Jan 21 2003
LICENSE ID: ********
RSA Authentication Manager version: 6.1 [299]
Config File Version: 14
FILE OWNERSHIP: root
AGENT RETRY: 5 times
AGENT TIMEOUT: 5 sec
DES/RC5 ENCRYPTION: allowed and enabled
TACACS PLUS: disabled
PRIMARY RSA Authentication Manager: primary.securid.com
PRIMARY RSA Authentication Manager ADDRESS: 192.168.142.51
THIS SERVER: replica.securid.com
THIS SERVER ADDRESS: 192.168.142.52
ACTING MASTER SERVER: not configured
ACTING SLAVE SERVER: not configured
REPLICA TIMEOUT 30 sec
REPLICA HEARTBEAT 300 sec
AUTHENTICATION SERVICE: securid
PORT NUMBER: 5500
ADDRESSES: By IP address in the database
ADMINISTRATION SERVICE: sdadmind
PORT NUMBER: 5550
LOCK MANAGER SERVICE: sdlockmgr
PORT NUMBER: 5560
OFFLINE AUTH DATA SERVICE: sdoad
PORT NUMBER: 5580
BAD PASSCODES before setting NEXT TOKENCODE:
UNIX agents: 3
Communications servers: 3
Single transaction agents: 3
NOS agents: 3
BAD PASSCODES before Disabling Token:
UNIX agents: 10
Communications servers: 10
Single transaction agents: 10
NOS agents: 10
RESPONSE DELAY: 2
ALIAS IP ADDRESS LIST: no aliases configured
LICENSE CONFIGURATION
LICENSE: Advanced
NUMBER LICENSED ACTIVE USERS: 1000000
NUMBER LICENSED REPLICAS: 10
NUMBER LICENSED REALMS: 6
This license was created for:
*************
******************
*****
Installation of RSA Authentication Manager Replica Server software complete at Tue
Oct 21
16:52:20 IST 2008.

Go to the installed /opt/ace/prog folder, execute

./sdconnect start
./aceserver start

Start Authentication Manager Host Mode, You would get Warning : Connection to Replica
are
Read-Only
./sdadmin
Select Users > List Users
Verify the user list
To Test Authentication, Execute the below from /ace/prog directory
./sdtestauth