-
null
Installing Cisco Access Registrar
This chapter provides information about installing Cisco Access Registrar 4.1 software. The software is available in CD-ROM form and can also be downloaded from the Cisco.com Web site. The installation instructions differ slightly depending on whether you install the software from the Cisco AR CD-ROM or from downloaded software.
Note 
Cisco Access Registrar 4.1.4 can be used with Solaris 9, Solaris 10, or the Red Hat Enterprise Linux 4.0 32-bit operating system using kernel 2.6.9-22.0.2.EL or later, and Glibc version: glibc-2.3.4-2.13 or later.
The Solaris 8 operating system is no longer supported as of the Cisco AR 4.1.4 release.
This chapter contains the following sections:
•Installing the Cisco AR License File
•Installing Cisco Access Registrar 4.1 Software on Solaris
•Installing Cisco Access Registrar 4.1 Software on Linux
Installing the Cisco AR License File
You must have a license file in a directory on the Cisco AR machine before you attempt to install Cisco AR software. After purchasing Cisco AR, you will receive a license file in an EMail attachment. Save or copy this license file to a directory on the Cisco AR workstation. If you have not installed the Cisco AR license file before beginning the software installation, the installation process will fail.
You can store the Cisco AR license file in any directory on the Cisco AR machine. During the installation process, you will be asked the location of the license file, and the installation process will copy the license file to the /opt/CSCOar/license directory or to the base installation directory you specify when you install the software if you are not using the default installation location.
The license file might have the name ciscoar.lic, but it can be any filename with the suffix .lic. To install the Cisco AR license file, you can copy and paste the text into a file, or you can simply save the file you receive in EMail to an accessible directory.
Installing Cisco Access Registrar 4.1 Software on Solaris
This section describes the software installation process when installing Cisco AR software on a Solaris workstation for the first time. This section includes the following subsections:
•Installing Cisco AR Software from CD-ROM
•Installing Downloaded Software
•Common Solaris Installation Steps
Tips Before you begin to install the software, check your workstation's /etc/group file and make sure that group staff exists. The software installation will fail if group staff does not exist before you begin.
Deciding Where to Install
Before you begin the software installation, you should decide where you want to install the new software. The default installation directory for Cisco AR 4.1 software is /opt/CSCOar. You can use the default installation directory, or you can choose to install the Cisco AR software in a different directory.
Installing Cisco AR Software from CD-ROM
The following steps describe how to begin the software installation process when installing software from the Cisco Access Registrar 4.1 CD-ROM. If you are installing downloaded software, proceed to Installing Downloaded Software.
Step 1 Place the Cisco AR software CD-ROM in the Cisco AR workstation CD-ROM drive.
Step 2 Log in to the Cisco AR workstation as a root user, and enter one of the following command lines:
For Solaris 8:
pkgadd -d /cdrom/cdrom0/kit/solaris-2.8 CSCOar
For Solaris 9:
pkgadd -d /cdrom/cdrom0/kit/solaris-2.9 CSCOar
For Solaris 10:
pkgadd -d /cdrom/cdrom0/kit/solaris-2.10 CSCOar
Step 3 Proceed to Common Solaris Installation Steps.
Installing Downloaded Software
This section describes how to uncompress and extract downloaded Cisco AR software and begin the software installation.
Step 1 Log in to the Cisco AR workstation as a root user.
Step 2 Change directory to the location where you have stored the uncompressed tarfile.
cd /tmp
Step 3 Use the following command line to uncompress the tarfile and extract the installation package files.
zcat CSCOar-4.1.4-sol9-K9.tar.gz | tar xvf -
Note These instructions are for the Solaris 9 package. There is no difference in download or installation procedures for Solaris 9 or Solaris 10 other than the package name.
Step 4 Enter the following command to begin the installation:
pkgadd -d /tmp CSCOar
where /tmp is the temporary directory where you stored and uncompressed the installation files.
Step 5 Proceed to Common Solaris Installation Steps.
Solaris 8 Patch Requirement
Cisco AR 4.1 uses OpenSSL software to generate certificates for 'https' communication. OpenSSL software uses Solaris internal devices /dev/urandom and /dev/random devices while generating certificates, but these devices are not in Solaris 8.
You can add /dev/urandom and /dev/random devices to Solaris 8 by installing patch 112438 (sparc) available at the following URL:
Note If you attempt to install the Cisco AR 4.1.x package in Solaris 8 without this patch, Cisco AR reports an error.
Common Solaris Installation Steps
This section describes the installation process immediately after you have issued the pkgadd command installing from CD-ROM or from downloaded software.
Processing package instance <CSCOar> from </tmp>
Cisco Access Registrar 4.1.4 [SunOS-5.8, official]
(sparc) 4.1.4
Copyright (C) 1998-2008 by Cisco Systems, Inc.
This program contains proprietary and confidential information.
All rights reserved except as may be permitted by prior written consent.
This package contains the Access Registrar Server and the
Access Registrar Configuration Utility. You can choose to
perform either a Full installation or just install the
Configuration Utility.
What type of installation: Full, Config only [Full] [?,q]
Step 6 For a full install, press Enter.
Where do you want to install <CSCOar>? [/opt/CSCOar] [?,q]
Step 7 Press Enter to accept the default location of /opt/CSCOar, or enter a different directory to be used as the base installation directory.
Access Registrar requires FLEXlm license file to operate. A list
of space delimited license files or directories can be supplied as
input; license files must have the extension ".lic".
Where are the FLEXlm license files located? [] [?,q]
Step 8 Enter the directory where you have stored the Cisco Access Registrar 4.1 license file.
Access Registrar provides a Web GUI. It requires J2RE version
1.4.* to be installed on the server.
If you already have a compatible version J2RE installed, please
enter the directory where it is installed. If you do not, the
compatible J2RE version can be downloaded from:
http://java.sun.com/
Where is the J2RE installed? [?,q] /nfs/insbu-cnstools/java
The J2RE is required to use the Cisco AR GUI. If you already have a Java 2 platform installed, enter the directory where it is installed.
Note If you do not provide the J2RE path, or if the path is empty or unsupported, the installation process exits.
Step 9 Enter the directory or mount point where the J2RE is installed.
If you are not using ORACLE, press Enter/Return to skip this step.
ORACLE installation directory is required for ODBC configuration.
ORACLE_HOME variable will be set in /etc/init.d/arserver script
Where is ORACLE installed? [] [?,q]
Step 10 If you plan to use Oracle accounting, enter the location where you have installed Oracle; otherwise press Enter.
If you want to learn about Access Registrar by following the
examples in the Installation and Configuration Guide, you need to
populate the database with the example configuration.
Do you want to install the example configuration now [n] [y,n,?,q]
Step 11 When prompted whether to install the example configuration now, reply Y or N to continue.
You can add the example configuration at any time by
running the command:
/opt/CSCOar/bin/aregcmd -f /opt/CSCOar/examples/cli/add-example-configuration.rc
Note You can delete the example configuration at any time by running the command /opt/CSCOar/usrbin/aregcmd -f /opt/CSCOar/examples/cli/delete-example-configuration.rc.
## Executing checkinstall script.
The selected base directory </opt/CSCOar> must exist before
installation is attempted.
Do you want this directory created now [y,n,?,q] y
Step 12 Enter Y to enable the installation process to create the /opt/CSCOar directory.
Using </opt/CSCOar> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
The following files are being installed with setuid and/or setgid
permissions:
/opt/CSCOar/.system/screen <setuid root>
/opt/CSCOar/bin/aregcmd <setgid staff>
/opt/CSCOar/bin/radclient <setgid staff>
Do you want to install these as setuid/setgid files [y,n,?,q]
Step 13 Enter Y to install the setuid/setgid files.
This package contains scripts which will be executed with super-user
permission during the process of installing this package.
Do you want to continue with the installation of <CSCOar> [y,n,?]
Step 14 Enter Y to continue with the software installation.
No further interaction is required; the installation process should complete successfully and the arservagt is automatically started.
Installing Cisco Access Registrar 4.1.4 [SunOS-5.8, official] as <CSCOar>
## Installing part 1 of 1.
/opt/CSCOar/.system/add-example-config
/opt/CSCOar/.system/run-ar-scripts
/opt/CSCOar/.system/screen
/opt/CSCOar/README
/opt/CSCOar/bin/arbug
/opt/CSCOar/bin/nasmonitor
/opt/CSCOar/bin/share-access
/opt/CSCOar/bin/xtail
/opt/CSCOar/java/javadoc.tar.gz
/opt/CSCOar/lib/getopts.tcl
.
.
.
# setting up product configuration file /opt/CSCOar/conf/car.conf
# linking /etc/init.d/arserver to /etc/rc.d files
# setting ORACLE_HOME and JAVA_HOME variables in arserver
# removing old session information
# flushing old replication archive
# creating initial configuration database
Rollforward recovery using "/opt/CSCOar/data/db/vista.tjf" started Fri Mar 10 13:54:54 2006
Rollforward recovery using "/opt/CSCOar/data/db/vista.tjf" finished Fri Mar 10 13:54:55 2006
# installing example configuration
We will now generate an RSA key-pair and self-signed certificate that
may be used for test purposes
Generating a 1536 bit RSA private key
.....++++
...............++++
writing new private key to '/cisco-ar/certs/tomcat/server-key.pem'
-----
Server self-signed certificate now resides in /cisco-ar/certs/tomcat/server-cert.pem
Server private RSA key now resides in /cisco-ar/certs/tomcat/server-key.pem
Remember to install additional CA certificates for client verification
Tomcat private RSA key now resides in /cisco-ar/certs/tomcat/server-key.pem
Starting Access Registrar Server Agent...
completed.
The Radius server is now running.
# done with postinstall.
Installation of <CSCOar> was successful
hostname root /tmp##
Configuring SNMP
If you choose not to use the SNMP features of Cisco Access Registrar, the installation process is completed. To use SNMP features, complete the configuration procedure described in Configuring SNMP, page 4-14.
RPC Bind Services
The Cisco AR server and the aregcmd CLI requires RPC services to be running before the server is started. If the RPC services are stopped, you must restart RPC services, then restart the Cisco AR server. Use the following commands to restart RPC services:
/opt/CSCOar/bin/arserver stop
/etc/init.d/rpc start
/opt/CSCOar/bin/arserver start
If RPC services are not running, the following message is displayed when you attempt to start aregcmd:
Login to aregcmd fails with the message:
400 Login failed
Installing Cisco Access Registrar 4.1 Software on Linux
This section describes the software installation process when installing Cisco AR software on a Linux workstation for the first time. This section includes the following subsections:
•Installing Cisco AR Software from CD-ROM
•Common Linux Installation Steps
Tips Before you begin to install the software, check your workstation's /etc/group file and make sure that group staff exists. The software installation will fail if group staff does not exist before you begin.
Deciding Where to Install
Before you begin the software installation, you should decide where you want to install the new software. The default installation directory for Cisco AR 4.1 software is /opt/CSCOar. You can use the default installation directory, or you can choose to install the Cisco AR software in a different directory.
Installing Cisco AR Software from CD-ROM
The following steps describe how to begin the software installation process when installing software from the Cisco Access Registrar 4.1 CD-ROM. If you are installing downloaded software, proceed to Installing Downloaded Software.
Step 1 Place the Cisco Access Registrar 4.1 software CD-ROM in the Cisco AR workstation CD-ROM drive.
Step 2 Log in to the Cisco AR workstation as a root user and find a temporary directory, such as /tmp, to store the Linux installation file.
Note The temporary directory requires at least 70 MB of free space.
Step 3 Change directory to the CD-ROM.
cd /cdrom/cdrom0/kit/linux-2.4
Step 4 Copy the CSCOar-4.1.4-lnx26-install-K9.sh file to the temporary directory.
cp CSCOar-4.1.4-lnx26-install-K9.sh /tmp
Step 5 Change the permissions of the CSCOar-4.1.4-lnx24-install-k9.sh file to make it executable.
chmod 777 CSCOar-4.1.4-lnx26-install-K9.sh
To continue the installation, proceed to Common Linux Installation Steps.
Common Linux Installation Steps
This section describes how to install the downloaded Cisco AR software for Linux and begin the software installation.
Note The Cisco AR Linux installation automatically installs aregcmd and radclient as setgid programs in group adm.
Step 1 Log in to the Cisco AR workstation as a root user.
Step 2 Change directory to the location where you have stored the CSCOar-4.1.4-lnx26-install-K9.sh file.
cd /tmp
Step 3 Enter the name of the script file to begin the installation:
./CSCOar-4.1.4-lnx24-install-k9.sh
Name : CSCOar Relocations: /opt/CSCOar
Version : 4.1.4 Vendor: Cisco Systems, Inc.
Release : 1140764415 Build Date: Thu Dec 23 23:55:51 2007
Install date: (not installed) Build Host: arcanine.cnslab.cisco.com
Summary : Access Registrar, a carrier-class RADIUS server
build_tag: [Linux-2.6.20, official]
Copyright (C) 1998-2007 by Cisco Systems, Inc.
This program contains proprietary and confidential information.
All rights reserved except as may be permitted by prior written consent.
This package contains the Access Registrar Server and the Access
Registrar Configuration Utility. All the Client, Server, and
Configuration utilities will be installed.
Where do you want to install <CSCOar>? [/opt/CSCOar] [?,q]
Step 4 Press Enter to accept the default location of /opt/CSCOar, or enter a different directory to be used as the base installation directory.
Access Registrar requires FLEXlm license file to operate. A list
of space delimited license files or directories can be supplied as
input; license files must have the extension ".lic".
Where are the FLEXlm license files located? [] [?,q]
Step 5 Enter the directory where you have stored the Cisco AR license file.
Access Registrar provides a Web GUI. It requires J2RE version 1.4.*
to be installed on the server.
If you already have a compatible version of J2RE installed, please
enter the directory where it is installed. If you do not, the
compatible J2RE version can be downloaded from:
http://java.sun.com/
Where is the J2RE installed? [] [?,q]
The J2RE is required to use the Cisco AR GUI. If you already have a Java 2 platform installed, enter the directory where it is installed.
Note If you do not provide the J2RE path, or if the path is empty or unsupported, the installation process exits.
If you are not using ORACLE, press Enter/Return to skip this step.
ORACLE installation directory is required for ODBC configuration.
ORACLE_HOME variable will be set in /etc/init.d/arserver script
Where is ORACLE installed? [] [?,q]
Step 6 Enter the location where you have installed Oracle, otherwise press Enter.
If you want to learn about Access Registrar by following the examples
in the Installation and Configuration Guide, you need to populate
the database with the example configuration.
Do you want to install the example configuration now? [n]: [y,n,?,q] y
Step 7 When prompted whether to install the example configuration now, reply Y or N to continue.
Note You can delete the example configuration at any time by running the command /opt/CSCOar/usrbin/aregcmd -f /opt/CSCOar/examples/cli/delete-example-configuration.rc.
unpack the rpm file done
Preparing... ########################################### [100%]
1:CSCOarui-add ########################################### [100%]
Archive: ./jakarta-tomcat-4.0.6.zip
creating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/
inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/bootstrap.jar
inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/catalina.bat
inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/catalina.sh
inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/cpappend.bat
inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/digest.bat
inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/digest.sh
inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/jasper.bat
inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/bin/jasper.sh
.
.
.
Rollforward recovery using "/opt/CSCOar/data/db/vista.tjf" finished Fri Mar 10 15:30:40 2007
# add-example-config y
calling gen-tomcat
We will now generate an RSA key-pair and self-signed certificate that
may be used for test purposes
Generating a 1536 bit RSA private key
.....................++++
.........................................++++
writing new private key to '/cisco-ar/certs/tomcat/server-key.pem'
-----
Server self-signed certificate now resides in /cisco-ar/certs/tomcat/server-cert.pem
Server private RSA key now resides in /cisco-ar/certs/tomcat/server-key.pem
Remember to install additional CA certificates for client verification
Tomcat private RSA key now resides in /cisco-ar/certs/tomcat/server-key.pem
Starting Access Registrar Server Agent..completed.
The Radius server is now running.
hostname root /tmp###
Configuring SNMP
If you choose not to use the SNMP features of Cisco AR, the installation process is completed. To use SNMP features, complete the configuration procedure described in Configuring SNMP, page 4-14.
Feedback