• Docs Home
• Platform
  • Multi Factor Flow
  • User Enrollment
  • Domain Attributes
• Guides
  • Admin Panel
  • User Management
  • Applications
  • Admin Logs
  • Authentication Logs
  • Administrator Roles
  • Policies
  • Hardware Tokens (OTP)
  • Software OTP Tokens
  • Email OTP
  • Bypass Codes
  • Devices
  • Phones
  • U2F Tokens
  • Push Number Matching
  • Passcode Grids
  • Enrollment Email
  • LoginTC Managed
• End-User Guides
  • iOS App
  • Android App
  • Chrome Extension
• REST API
  • Users
  • Domains
  • Tokens
  • Bypass Codes
  • Hardware Tokens
  • Sessions
  • Organizations
  • Client Libraries
• Connectors
  • AD FS
  • Apache
  • Array Networks
  • Barracuda
  • Box
  • Check Point
  • Cisco ASA
  • Citrix NetScaler
  • Dropbox
  • F5 BIG-IP APM
  • Fortinet Fortigate
  • Freshdesk
  • Juniper
  • MariaDB
  • Netgate pfSense
  • Office 365
  • OpenAM
  • OpenVPN
  • OpenVPN AS
  • OWA
  • Palo Alto
  • PostgreSQL
  • Pulse Connect Secure
  • RADIUS
  • Two Factor Authentication (MFA) for RD Gateway (RADIUS)
  • Two Factor Authentication (MFA) for Remote Desktop Web Access (RD Web)
  • Sophos UTM
  • SonicWALL SRA
  • SiteMinder
  • Unix SSH
  • VMware Horizon View
  • Web
  • WatchGuard
  • WatchGuard Access Portal
  • Windows Logon and RDP
• Tools
  • User Sync
• Downloads
• Release Notes
  • LoginTC RADIUS Connector
  • LoginTC AD FS Connector
  • LoginTC RD Web Access
  • LoginTC RD Gateway SSO
  • LoginTC OWA
  • LoginTC Windows Logon Connector
  • User Sync Tool
• Service Status
• Knowledge Base
• Help

LoginTC RADIUS Connector Upgrade Guide

• Overview
• Migration
• Applications
• LoginTC RADIUS Connector 4.X
  • Step 1: Upgrade to version 4.X+
  • Step 2: Import from existing deployment
  • Step 3: Test Endpoint on LoginTC RADIUS Connector
  • Step 4: Configure RADIUS Client to leverage new LoginTC RADIUS Connector
• LoginTC RADIUS Connector 3.X
• LoginTC RADIUS Connector 2.X
• Troubleshooting

Overview Migration

Migration tools are built into LoginTC RADIUS Connector 4.X. If you have an existing 3.X appliance deployed you can migrate your configurations to 4.X using the tool, see the full steps: LoginTC RADIUS Connector 4.X.

If you have an existing 2.X appliance deployed you must first upgrade to 2.7.1: LoginTC RADIUS Connector 2.X. Then you will be able to migrate your configurations to 4.X using the tool, see the full steps: LoginTC RADIUS Connector 4.X.

Applications

Applications are services (e.g. VPN or web application) that you want to protect with LoginTC. They allow you to reuse the same LoginTC tokens for a particular Domain across multiple services with their own policies. Policies can only be used with Applications and allow for administrators to specify rules to be applied to groups of users during authentication. This guide will help understand how to upgrade your LoginTC Connectors to take advantage of Applications and Policies.

LoginTC RADIUS Connector 4.X

Step 1: Upgrade to version 4.X+

1. Download the latest LoginTC RADIUS Connector:
   • OVF for ESXi, VirtualBox
   • VHD for Hyper-V
2. Import the virtual appliance your computer virtualization software
   • Instructions for Hyper-V
3. Ensure that LoginTC RADIUS Connector has a virtual network card
4. Start the virtual appliance
5. You will be with a console prompt:
6. Login using the username logintc-user and default password logintcradius:
7. Once logged in type setup:
8. Follow the on-screen prompt to setup a new password for logintc-user:
9. By default the appliance network is not configured. Manually configure the network by typing 1 and hit enter:
10. Follow the on-screen prompts to setup the network. When done, type 1 and enter to confirm the settings:
11. You will be presented with the network configuration which includes the URL to connect to the appliance from a web browser (example https://172.20.221.105:8443):

The LoginTC RADIUS Connector runs Linux with SELinux. A firewall runs with the following open ports:

Port	Protocol	Purpose
1812	UDP	RADIUS authentication
443	TCP	API traffic
8443	TCP	Web interface
123	UDP	NTP, Clock synchronization (outgoing)

Step 2: Import from existing deployment

1. Navigate to the URL shown in the console dashboard (example: https://172.20.221.105:8443):
2. Login using the username logintc-user and the password that was set in the initial setup:
3. Link to your existing LoginTC organization. The 64-character Organization API Key is found on the LoginTC Admin Panel under Settings >page API >page Click to view, also see Organization API Key:
4. Confirm the LoginTC organization name and click Continue to LoginTC RADIUS Connector:
5. Click Yes, import configurations from an existing LoginTC RADIUS Connector:
6. Enter the IP Address and password for the logintc-user on the existing LoginTC RADIUS Connector and click Perform import verification:
7. Review the notice to continue
8. On successful verification, click Perform import:
9. Import can take up to a minute depending on the existing configurations:
10. When complete, click Next:
11. Now you are ready to use the LoginTC RADIUS Connector:

    NOTE
    The endpoints page in the screenshot is intentionally empty. You should see the configuration imported from your existing LoginTC RADIUS Connector.

    

Step 3: Test Endpoint on LoginTC RADIUS Connector

Navigate to your appliance web interface URL. Use username logintc-user and the password you set upon initial launch of the appliance. Select an Endpoint and then Test Endpoint.

Ensure that it behaves as expected. If the User Directory used for First Factor authentication had firewall rules in place, make sure the same rules are in place for the new appliance.

Step 4: Configure RADIUS Client to leverage new LoginTC RADIUS Connector

Now configure the RADIUS Client (i.e. VPN, Web Access Manager, Unix host etc…) to point to the new LoginTC RADIUS Connector. Please refer to the appropriate documentation: LoginTC Connectors. Test that the environment behaves as appropriate.

An alternative method would be to set the static IP Address of the new LoginTC RADIUS Connector to the same as the old one. The old appliance will need to an alternative IP Address to avoid network conflicts.`

LoginTC RADIUS Connector 3.X

Step 1: Upgrade to version 3.X+

1. Download the latest LoginTC RADIUS Connector:
   • OVF for ESXi, VirtualBox
   • VHD for Hyper-V
2. Unzip the file
3. Import the virtual appliance your computer virtualization software
   • Instructions for Hyper-V
4. Ensure that the LoginTC RADIUS Connector has a virtual network card
5. Start the virtual appliance
6. You will be presented with a console dashboard:
7. The first thing you must do is set the logintc-user password:
8. By default the appliance network is configured by DHCP. If you wish to manually configure the network, use the Down arrow key to navigate to Network Configuration and DNS Configuration
9. For access to the web interface select Web Server and then Start:It may take 5-10 seconds to start the first time:
10. Once started, access the web interface by navigating to the URL mentioned in the information box:

The LoginTC RADIUS Connector runs CentOS 7.7 with SELinux. A firewall runs with the following open ports:

Port	Protocol	Purpose
22	TCP	SSH access
1812	UDP	RADIUS authentication
1813	UDP	RADIUS accounting
8888	TCP	Web interface
443	TCP	Web interface
80	TCP	Web interface
80	TCP	Package updates (outgoing)
123	UDP	NTP, Clock synchronization (outgoing)

Step 2: Run migration script

1. SSH into the 3.X virtual appliance or open the console (use same username / password as web GUI)
2. cd /tmp
3. curl -O https://www.logintc.com/downloads/logintc-radius-connector-migrate-1.0.1.sh
4. sudo sh logintc-radius-connector-migrate-1.0.1.sh IP_ADDRESS_EXISTING_LOGINTC_RADIUS_CONNECTOR
   • Set IP_ADDRESS_EXISTING_LOGINTC_RADIUS_CONNECTOR to the IP Address of the LoginTC RADIUS Connector you will be migrating from.
5. Review the notice to continue
6. Ensure the correct IP Address was entered, then enter the password for the logintc-user on the existing LoginTC RADIUS Connector

The migration script will restart services once it is complete (2-4 seconds).

Step 3: Test Configuration on LoginTC RADIUS Connector

Close the console and navigate to your appliance web interface URL. Use username logintc-user and the password you set upon initial launch of the appliance. Select a Configuration and then Test Configuration. Ensure that it behaves as expected.

Step 4: Configure RADIUS Client to leverage new LoginTC RADIUS Connector

Now configure the RADIUS Client (i.e. VPN, Web Access Manager, Unix host etc…) to point to the new LoginTC RADIUS Connector. Please refer to the appropriate documentation: LoginTC Connectors. Test that the environment behaves as appropriate.

An alternative method would be to set the static IP Address of the new LoginTC RADIUS Connector to the same as the old one. The old appliance will need to an alternative IP Address to avoid network conflicts.`

LoginTC RADIUS Connector 2.X

Follow these instructions to upgrade your LoginTC RADIUS Connector 2.X virtual appliance to the latest 2.X version (2.7.1):

1. SSH into the virtual appliance or open the console (use same username / password as web GUI)
2. cd /tmp
3. curl -O https://www.logintc.com/downloads/logintc-radius-connector-2.7.1-upgrade.sh
4. sudo sh logintc-radius-connector-2.7.1-upgrade.sh

The upgrade script will restart your appliance after upgrading.

It is always recommended to take a VM snapshot prior to upgrading.

Troubleshooting

Need help? Please see our Help Page, Knowledge Base or contact us directly at support@cyphercor.com.