RADREP - ACE/Server Integration

RSA ACE/Server Integration

RADREP is an easy to use Windows 32-bit GUI application which, via it's ACE/Server Database communications module, is capable of generating RADIUS usage and billing reports for all users in the ACE/Server Database who have an assigned SecurID token. RADREP has been tested successfully with version 4.x, 5.x and 6.x of RSA ACE/Server. Usually when generating reports from RADIUS accounting logs, the only piece of data in the logs which ties activity to a user is the 'user-name' field. This makes it impossible to group users for charge-back or internal billing purposes. To make report output more meaningful, as well as have the added ability to generate reports for a select Site/Office, Group/Department or single user, more information relating to a user is required. Instead of building it's own database, RADREP is able to import user data direct from the ACE/Server Database, saving you many hours of time and the burden of database and information duplication. Information such as a user's First and Last name, the Site/Office and Group/Department they belong to are key pieces of information which are imported from the ACE/Server database, allowing you to generate RADIUS usage and billing reports for select communities of users. As well as being able to import this extended user information direct from the ACE/Server Database, RADREP can optionally also read this information from a CSV (Comma Separated Values) input file. If grouping of users is not important for you and you only want to report on each unique 'login name', you can import the 'user-names' directly from the RADIUS detail accounting logs and then selectively report on one or all of them.

How to Use RADREP with RSA ACE/Server

Method 1 - When ACE/Server is running on Windows NT4/2000
In order to use RADREP in an integrated fashion with the RSA ACE/Server database, radrep.exe must be run from the same machine that the Primary/Master ACE/Server is installed and running on. Before installing RADREP on the ACE/Server Primary you MUST be logged in as a user with appropriate permissions to administer the ACE/Server database. Usually this is the 'administrator' account but it could be some other user account name depending on how you have installed and setup ACE/Server. To test if you have adequate permissions you can try and run the the ACE/Server 'Host Mode' administration. If it runs then you have adequate permissions otherwise you will have to login as another user that has the correct privileges.

To extract user information from ACE/Server, RADREP communicates with the ACE/Server database via the RSA provided 'apidemon.exe' utility. The 'apidemon.exe' must reside in the same directory as 'radrep.exe' for ACE/Server database communication to be successful.
The 'apidemon.exe' is usually located in the <drive>:\ace\utils\toolkit directory of your ACE/Server Installation.
You must copy the 'apidemon.exe' from this directory into the same directory you installed RADREP to which by default is usually <drive>:\program files\RADREP\. Make sure you are logged into the ACE/Server Windows 2000 Machine with adequate permissions when copying this file. If you are not logged into Windows 2000 as a user that has adequate permissions to the ACE/Server database, then when you run RADREP and attempt to 'Retrieve the user list' from the 'ACE/Server Database' you will receive a database connection error message.
In order to process ACE/Server's RADIUS logs you of course also need to configure the location of these logs in RADREP.

Method 2- When ACE/Server is running on Unix
When using ACE/Server for Unix the only way you can process RADIUS logs is in stand-alone mode. Simply run RADREP on a Windows based machine and copy the RADIUS logs from ACE/Server to that machine for processing and report generation purposes. In order to classify users into a 'Site/Office' and 'Group/Department' as well as provide their full first and last name, you will need to construct your own 'users.csv' file containing these details and then choose 'CSV file' as the 'Retrieve user list from:' method in RADREP. See the RADREP Help files for further details on the format of the 'users.csv' file.

Accounting log Format Requirements
Versions of ACE/Server prior to 5.0 have their RADIUS log output format set to Livingston as default so these logs will work fine with RADREP. In version 5.0 and greater of ACE/Server the default RADIUS accounting log format changed to comma delimited (CSV Format). Although RADREP will process CSV formatted RADIUS log files, if you are using ACE/Server version 5.0 or greater the preferred format is 'Text Format (standard)' which is the Livingston log format. To change this format you will need to run the RSA provided 'rwconfig.exe' utility located in the '<drive>:\ace\prog' directory and change the 'Log File Format' to 'Text Format (standard)'. If you are running ACE/Server for UNIX then the same can be done by running the 'rtconfig' utility located in the '…\ace\prog' directory.

See the 'RADREP - User Manual' for more detailed information on RADREP and how it integrates with ACE/Server.

If you have found this page via a search engine you might want to go to the RADREP Home Page.