Running the Steel-Belted Radius Carrier Configure Script
Navigate to the directory where you installed the Steel-Belted Radius Carrier package (/opt/JNPRsbr/radius/install).
Execute the configure script to install the Steel-Belted Radius Carrier server software:
Review and accept the Steel-Belted Radius Carrier license agreement.
Press the spacebar to move from one page to the next. When you are prompted to accept the terms of the license agreement, enter y.
Do you accept the terms in the license agreement? [n]y
Enter the license key or keys that you collected in the preparatory step Obtaining License Keys. Then press Enter.
The configure script creates a license file that contains the key on the server for your Steel-Belted Radius Carrier software.
--------------------------------------------------------------------------- SBR 8.40.50006 on SunOS 5.10 Generic_141444-09 node sbrha-10.spgma.juniper.net ---------------------------------------------------------------------------
Enter SBR licenses meant only for this particular SBR node. Enter one license per line and an empty line when finished. Enter SBR full license: 1234 5678 9100 1234 5678 9100 0050 Enter SBR feature license:
If you are using a 32-bit Linux machine, you receive a warning that your system requires a 64–bit architecture to be able to execute the separate session database process. Enter Y to continue.
WARNING: sbr-blr-vm7.englab.juniper.net is 32 bit Linux Machine Warning : cstserver-64 executable requires 64bit architecture. You can proceed to use SBR in local mode (i.e CST hosted within RADIUS). Would you wish to continue.. [Y/N] ?: Y
The script warns that you are changing the server configuration and prompts you to continue. Enter y to continue.
Generating configuration files
WARNING: You are about to make irreversible changes to this node. Are you sure that you wish to continue? (y,n): y
On a Solaris platform:
Specify whether you want to use a Secure Sockets Layer (SSL) with the LDAP plug-in.
Use of SSL with the LDAP plug-in requires the installation of SASL. Do you plan to use LDAP with SSL enabled [n]?
Enter y to use the SSL with the LDAP plug-in. Use of SSL with the LDAP plug-in requires the installation of the Simple Authentication and Security Layer (SASL) package. The configure script checks whether the SASL package is installed in your system.
Checking if SASL package [SMCSASL] is installed in the machine....
If the SASL package is not installed in your system, the installation of Steel-Belted Radius Carrier server software is aborted. You receive the following warning:
WARNING: You have opted to use LDAP plug-in with SSL feature enabled. However you do not have SASL package[SMCSASL] installed in your machine. It can found in the URL http://sunfreeware.com/introduction.html Please install SASL package and then run configure again Exiting from configure script.........
If the SASL package is installed in your system, you are prompted to enter the type of installation.
Enter n, if you do not plan to use the SSL with the LDAP plug-in. You receive a warning and are then prompted to enter the type of installation:
WARNING: In the future if you decide to use the LDAP plug-in with SSL enabled, please first ensure that the SASL package is installed in your machine before changing the configuration.
If you enable SSL with the LDAP plug-in without installing the SASL package while Steel-Belted Radius Carrier is running, the LDAP plug-in is disabled and you receive the following warning:
WARNING: SASL libraries required to support SSL with LDAP authentication are not installed. At least one LDAP authentication module is configured to use SSL and has been disabled. Please install SASL, which can be found at https://sunfreeware.com/programlistsparc10.html, re-enable the LDAP plug-in(s), and restart SBR.
The script prompts for the type of installation, either a new installation or a migration from an earlier release:
Please enter backup or radius directory from which to migrate. Enter n for new configuration, s to search, or q to quit [n]: n
For a new installation, enter n.
If you are migrating an existing Steel-Belted Radius Carrier installation and have copied a previous release’s files to the Release 8.4.1 server (in Creating a Copy of Existing SBR Server Release Files for Migration), enter the directory path to the copy of the old installation.
If you are migrating an existing Steel-Belted Radius Carrier installation and have copied a previous release’s files to the Release 8.4.1 server (in Creating a Copy of Existing SBR Server Release Files for Migration), but you need to search for the directory that contains the Steel-Belted Radius Carrier files, enter s.
Steel-Belted Radius Carrier Release 8.4.1 supports importing configuration files from previous versions of SBR Carrier.
If you select this option, remember that some files require manual editing and updating after installation. See Migrating from Previous SBR Releases.
Do you want to configure Java Runtime Environment for JDBC Feature [n] :
If no, press Enter to proceed to the next prompt. SBR Carrier does not support JDBC plug-ins unless you specify a valid JRE path.
If yes, type y and press Enter. You are prompted to specify the path where the JRE is installed in your system. The Java Virtual Machine (JVM) architecture should be compatible with SBR Carrier.
Java 1.7.0 or a later version is required to access the Web GUI. To support both JDBC plug-ins and Web GUI, it is recommended to use Java 1.7.0 or a later version with the JVM architecture compatible with your SBR Carrier. For example, if you are using the 32-bit version of SBR Carrier, you must use the 32-bit version of Java 1.7.0 or later.
Enter 32-bit libjvm.so path (Ex: /opt/jvm/jre/lib/i386/client/ ) :
If you enter an incorrect JVM path three times, SBR Carrier proceeds to the next step. In this case, you will not be able to use JDBC plug-ins. To specify the valid JVM path, you need to run the configure script again.
Supply the name of the initial admin user, root.
Enter initial admin user (UNIX account must have a valid password) [root]:
Press Enter to accept the default, root.
Specify whether you want to set up centralized configuration management (CCM).
Enable Centralized Configuration Management (CCM) for this SBR node? [n]: y
If you have enabled CCM, specify the server role.
Configure SBR node as CCM primary (p) or replica (r)? [r]: p
If no other servers have been installed with CCM enabled, this is the first server to be installed, and CCM is used, this server must be the primary. Enter p to set the role as primary.
If you set the role to primary, the script prompts for the host secret string.
Enter primary host secret:
Type the secret string and press Enter.
The script prompts you to confirm the host secret string
Confirm primary host secret:
Type the secret string again and press Enter.
Specify whether you want to use the auto-restart module that automatically restarts the SBR Carrier server in case of an unexpected shutdown.
Do you want to enable "Radius WatchDog" Process? [n]: Y Radius WatchDog feature set to Enable Please ensure that Perl 5 or better is installed.
If Perl version 5 is not installed, the radiusd script will not run, even if enabled by configuration, and SBR Carrier will operate without the auto-restart module running.
Specify whether you want to start the GWrelay process while executing the ./sbrd start script.
Do you want to enable "GWrelay" Process? [n]: y GWrelay will be started with sbrd
Specify whether you want to configure SBR Carrier to provide LDAP server emulation for configuration and statistics using the LCI.
Do you want to enable LCI? [n] :
If no, press Enter to accept the default.
If yes, enter y and press Enter. You are prompted to provide information for LCI configuration.
When you are prompted for the port number, enter the port number that is used for communication between SBR Carrier and the LDAP client.
SBR Carrier uses port 667 as the default for LDAP emulation to avoid conflict with other LDAP servers.
Configure LCI Port : 1026
The script displays the interfaces available in the system. When you are prompted to enter interface addresses on which Steel-Belted Radius Carrier should listen for LCI requests, enter the addresses you want to use from the Available Interfaces list.
LCI Interface Configuration : Available interfaces : 127.0.0.1 10.212.10.66 HELP : Enter one interface per line and an empty line when finished. Enter LCI interface addresses from the above list. Enter LCI interface address : 10.212.10.66 Enter LCI interface address : 127.0.0.1 Enter LCI interface address :
SBR Carrier uses all interfaces for listening to LCI requests if you do not enter any interfaces.
Specify whether you want to change the default LCI password to prevent unauthorized LDAP clients from accessing your database.
Do you want to change LCI Password? [n]:
If no, press Enter to accept the default password.
If yes, enter y and press Enter. You are prompted to enter a new password.
Do you want to change LCI Password? [n]: Y Password must meet the following requirements: 1. 6-8 Alphanumeric characters. 2. No Special characters other than underscore (’_’). Enter Password: Confirm Password: Password will be changed when SBR restarts.
Make sure that the entered password is at least 6 alphanumeric characters and not more than 8 characters in length. The password should not include any special characters other than underscore (’_’).
The configure script also checks whether the LDAP utilities (such as ldapdelete, ldapmodify, and ldapsearch) are installed in your system. For Linux, a warning message is displayed if you have not installed any of these utilities in your system. For Solaris, LDAP utilities are shipped with SBR Carrier package.
Specify whether you want to configure Steel-Belted Radius Carrier for use with an Oracle database.
To support this option, the server must already be configured as an Oracle client. (See Setting Up External Database Connectivity (Optional).)
Configuring for use with generic database Do you want to configure for use with Oracle? [n]:
If no, press Enter to accept the default.
If yes, type y and press Enter. You are prompted for version and path information for the Oracle library files.
Do you want to configure for use with Oracle? [n]: y Supported Oracle versions: 10, 11, 12 What version of Oracle will be used? : 10 Configuring for use with Oracle 10 Setting the environment variable ORACLE_HOME Enter ORACLE_HOME [/dbms/u10/app/oracle/product/10.2.0]: Setting the environment variable LD_LIBRARY_PATH Enter path for Oracle shared libraries [/dbms/u10/app/oracle/product/10.2.0/lib32]: Setting the environment variable TNS_ADMIN Enter TNS_ADMIN [/dbms/u10/app/oracle/product/10.2.0/network/admin]:
You must configure 32-bit Oracle client for 32-bit SBR Carrier and 64-bit Oracle client for 64-bit SBR Carrier.
Specify whether you want the Steel-Belted Radius Carrier server to communicate with an SS7 system using SIGTRAN.
To support this option, the server must already be configured to support SIGTRAN using Signalware. (See Installing the SIGTRAN Interface (Optional) for an overview, and SIGTRAN Support for Steel-Belted Radius Carrier for specific instructions.)
Do you want to configure for use with SS7? [n]: y Configuring for use with SS7 Setting the environment variable OMNI_HOME Enter OMNI_HOME [/opt/JNPRss7]:
Specify whether you want to install the optional SNMP module to monitor your Steel-Belted Radius Carrier server from an SNMP management station.
Do you want to configure SNMP? [n]:
If no, press Enter to proceed to the next prompt.
If yes, type y and press Enter. The installer prompts you for the information it needs to configure the jnprsnmpd.conf and startsnmp.sh files.
When you are prompted for a community string, enter the community string used to validate information sent from the SNMP subagent on the Steel-Belted Radius Carrier server to your SNMP management station.
Choose a community string: public
When you are prompted for a range of IPv4 addresses, specify a starting IP address in Classless Inter-Domain Routing format. To specify that only one host may query the agent, enter the IP address of the host followed by /32. To specify that any host on a designated class C network may query the agent, enter the starting address of the network followed by /24.
Specify the range of IPv4 addresses that may query this agent, such as 184.108.40.206/24.
Address range: 192.168.70.0/24
If you are using SNMPv2, enter the DNS name or IP address of the trap sink to receive trap information from the SNMP subagent on the Steel-Belted Radius Carrier server.
SNMPv2 trap sink: 192.168.70.86
Set the SNMP agent port.
Although you may specify the default SNMP port, 161, we recommend that you specify a different port to avoid contention with other agents that are likely to already be using 161. If you choose an alternate port, make a note of it because your MIB browser needs to be configured to the same setting.
Specify SNMP agent listening port: 24161
Specify a trap sink address, if required.
Optionally specify a trap sink address that will receive SNMPv2 trap
[localhost]: 172.28.72.83 2
SNMPv2 trap sink port:
Configuration of SNMP complete.
The script searches for the Java 1.7.0 or later version in the default system path and displays a confirmation message if found.
Configuring Admin GUI Webserver Compatible Java version found : 1.7.0_20
If the specific version is not found, the script prompts you to enter the directory path where the specific Java version is installed in your system. For example, if the Java version is available in the /usr/java/jdk1.7.0_45/bin/java path, enter only /usr/java/jdk1.7.0_45, do not include bin/java.
Enter Java version 1.7 installed path :
Specify whether you want to install a custom SSL certificate for the Web GUI. For more information about certificates, see the SBR Carrier Administration and Configuration Guide.
Do you want to install custom SSL certificate for Admin WebServer? [n]:
If no, press Enter. A self-signed certificate is created and installed in the web server.
If yes, enter y and press Enter. You are prompted to enter the absolute path where the SSL certificate is available. For example, /opt/customSSLCert.pfx.
Enter the absolute path to certificate. Note: Only *.pfx files are accepted. (Example-/opt/customSSLCert.pfx):
When you are prompted for the password, enter the password to open the SSL certificate.
Enter the password to open the certificate :
Specify whether you want to configure the Steel-Belted Radius Carrier server to autoboot (restart automatically when the operating system is restarted).
Enable (e), disable (d), or preserve (p) RADIUS autoboot [e]: e
Steel-Belted Radius Carrier stores its autoboot settings in the local /radiusdir/radius/sbrd file.
If you enter e (enable), the configure script copies the local sbrd script to /etc/init.d, where it is automatically invoked by the OS whenever the OS is stopped or started.
If you enter d (disable), the configure script removes all copies of the sbrd script from /etc/init.d, thus, disabling autoboot for all versions of Steel-Belted Radius Carrier.
If you enter p (preserve), the configure script does nothing, thereby leaving your previous autoboot scripts unchanged.
When you finish entering settings, the script configures Steel-Belted Radius Carrier with the specified settings and then displays:
The SBR Admin Web GUI can be launched using the following URL: https://<servername>:2909 Configuration complete