Agents How to Guide

From Swivel Knowledgebase
Jump to: navigation, search


Overview

Agents are required to allow Agent-XML authentications to be made against the Swivel server. This document outlines how to use, configure and add agents.


Prerequisites

Swivel 3.x


How to add an Agent

The Agents allows devices to communicate with the Swivel core for authentication information. Only devices specified by IP address and shared secret are permited to authenticate. Multiple Agent entries can be created, even from the same IP address provided the shared secrets are different for each device.

On the Swivel administration console select Server/Agents. Enter the details for the agent and click on apply, the agent will then be saved. The following attributes are available:

Name: A descriptive name that is used in the Swivel logs

Hostname/IP: The Hostname or IP address of the device that will be making the agent requests. Ranges can be specified using CIDR (Classless Inter-Domain Routing) notation, for example if you put an IP address of 192.168.1.0/24, this will cover all IP addresses starting with 192.168.1.x.

Shared secret: A password that must be entered on the Swivel server agent and the device that will be making agent requests.

Group: Default: ANY, Options: ANY, Swivel group names. Here a specific access device can be configured to only allow certain groups of users to authenticate to that device.

Authentication Modes: Default: ANY, Options: ANY, Dual Channel Only, Single Channel Only. The access device can be configured to allow any type of authentication or to only allow only dual channel or allow only single channel authentication.

Check Password with repository: Yes/No, default No, This allows the repository password to be checked against the repository, by Swivel for the specified Agent. This option was moved from a global setting to an Agent and also to RADIUS NAS setting in Swivel 3.8. See Password How to Guide and LDAP How to Guide.

Username attribute for repository: Default: blank, the attribute to be used for this Agent. See also User Attributes How To.

Allow alternative usernames: Yes/No, default No. See also User Attributes How To.

Alternative username attributes: Default: blank, the additional attributes to be used for this Agent, each attribute should be seperated by a comma, ','. See also User Attributes How To.

Can act as Repository: Yes/No, default No, the Agent can act as a repository

URL Check Password: Default: blank, used by the Remote Sync Agent to check a password against a repository

Encryption/Decryption key: Default: blank, used by the Remote Sync Agent for secure communications


Example configuration

PINsafe 37 Server Agents example.jpg


Using additional attributes for authentication

When using additional attributes for authentication see User Attributes How To


Testing

Configure the agents, make agent requests and check the logs.


Known Issues

Troubleshooting

AgentXML request failed, error: The agent is not authorised to access the server.

An Agent-XML request is being made against the Swivel server but is not permitted to do so. If access should be allowed create an entry on the Swivel Administration Console under Server/Agents. If an entry exists verified the shared secret is the same on Swivel and the access device.

Retrieved from "https://kb.swivelsecure.com/w/index.php?title=Agents_How_to_Guide&oldid=1779"