LoginTC RADIUS Connector Upgrade Guide

Overview

Important: LoginTC RADIUS Connector 2.X End-of-life

The LoginTC RADIUS Connector 2.X virtual appliance is built with CentOS 6.8. CentOS 6.X is End of Lifetime (EOL) November 30th, 2020. See CentOS Product Specifications. Although the appliance will still function it will no longer receive updates and nor will it be officially supported.

New LoginTC RADIUS Connector 3.X

A new LoginTC RADIUS Connector 3.X virtual appliance has been created which runs CentOS 7.7.1908. It is virtually identical to the existing appliance, with the exception of the underlying operating system. Inline upgrade from CentOS 6.X to CentOS 7.X is not supported. As a result upgrade is deploying a new appliance. A migration script has been created to help quickly copy over existing configurations and ssl certificates to the new appliance and minimize manual steps.

LoginTC RADIUS Connector 3.X

Step 1: Upgrade to version 3.X+

  1. Download the latest LoginTC RADIUS Connector:
  2. Unzip the file
  3. Import the virtual appliance your computer virtualization software
  4. Ensure that the LoginTC RADIUS Connector has a virtual network card
  5. Start the virtual appliance
  6. You will be presented with a console dashboard:
  7. The first thing you must do is set the logintc-user password:
  8. By default the appliance network is configured by DHCP. If you wish to manually configure the network, use the Down arrow key to navigate to Network Configuration and DNS Configuration
  9. For access to the web interface select Web Server and then Start: It may take 5-10 seconds to start the first time:
  10. Once started, access the web interface by navigating to the URL mentioned in the information box:

The LoginTC RADIUS Connector runs CentOS 7.7 with SELinux. A firewall runs with the following open ports:

Port Protocol Purpose
22 TCP SSH access
1812 UDP RADIUS authentication
1813 UDP RADIUS accounting
8888 TCP Web interface
443 TCP Web interface
80 TCP Web interface
80 TCP Package updates (outgoing)
123 UDP NTP, Clock synchronization (outgoing)

Note: Username and Password

logintc-user is used for SSH and web access. The default password is logintcradius. You will be asked to change the default password on first boot of the appliance and will not be able to access the web interface unless it is changed.


The logintc-user has sudo privileges.

Step 2: Run migration script

  1. SSH into the 3.X virtual appliance or open the console (use same username / password as web GUI)
  2. cd /tmp
  3. curl -O https://www.logintc.com/downloads/logintc-radius-connector-migrate-1.0.1.sh
  4. sudo sh logintc-radius-connector-migrate-1.0.1.sh IP_ADDRESS_EXISTING_LOGINTC_RADIUS_CONNECTOR
    • Set IP_ADDRESS_EXISTING_LOGINTC_RADIUS_CONNECTOR to the IP Address of the LoginTC RADIUS Connector you will be migrating from.
  5. Review the notice to continue
  6. Ensure the correct IP Address was entered, then enter the password for the logintc-user on the existing LoginTC RADIUS Connector

The migration script will restart services once it is complete (2-4 seconds).

Note: NTP Server settings are not migrated

NTP Server settings can be updated on the web based control panel under Settings > NTP Server.

Upgrade Script Download Verification

Execute: sha1sum /tmp/logintc-radius-connector-migrate-1.0.1.sh

Output SHA‑1 should match: a0ebbb5fa349af8cc8e9f66a337c5b1195626e1c

Step 3: Test Configuration on LoginTC RADIUS Connector

Close the console and navigate to your appliance web interface URL. Use username logintc-user and the password you set upon initial launch of the appliance. Select a Configuration and then Test Configuration. Ensure that it behaves as expected.

Step 4: Configure RADIUS Client to leverage new LoginTC RADIUS Connector

Now configure the RADIUS Client (i.e. VPN, Web Access Manager, Unix host etc…) to point to the new LoginTC RADIUS Connector. Please refer to the appropriate documentation: LoginTC Connectors. Test that the environment behaves as appropriate.

An alternative method would be to set the static IP Address of the new LoginTC RADIUS Connector to the same as the old one. The old appliance will need to an alternative IP Address to avoid network conflicts.`

Troubleshooting

Need help? Please see our Help Page, Knowledge Base or contact us directly at support@cyphercor.com.