I will go quickly for this one, don’t expect pictures or detailed help.

This is an unsupported install, as RSA still only support Centos 4 or CentOs 5 with 32 bits. CRAP !

My install will give you a fully functional Auth Manager 7.1 with the radius server.
I also migrated from an old 7.0 install.

First, install your CentOs 6.x (6.2 from my template then update to 6.3 as of this writing).

Then install A LOT of dependencies, some are 32 bits….

yum  install bc gcc atk glibc glibc-devel glibc-headers kernel-headers libaio libart_lgpl libgomp libwnck libXp pango openmotif glibc.i686 glibc.x86_64  glibc-devel.i686 glibc-devel.x86_64 glibc-headers.x86_64 ksh libXp.i686 libXp.x86_64 libXp-devel.i686 libXt.i686 libXt.x86_64 libXt-devel.i686 libXtst.i686 libXtst.x86_64 libXtst-devel.i686 libgcc.i686 libgcc.x86_64 libstdc++.i686 libstdc++.x86_64 ncompress compat-libstdc++-296 compat-libstdc++-33.i686 compat-libstdc++-33.x86_64 compat-openldap.i686 compat-openldap.x86_64 compat-db.i686 compat-db.x86_64 libstdc++-devel.i686 make libdbi-devel.i686 libdbi-drivers.x86_64 libdbi.i686 libdbi.x86_64 libavc1394-devel.i686 libavc1394-devel.x86_64 libavc1394.i686 libavc1394.x86_64 libaio.i686 libaio.x86_64 libaio-devel.i686 libaio-devel.x86_64 glibc-common.x86_64 compat-glibc.x86_64 glibc.i686 glibc.x86_64 glibc-devel.i686 glibc-devel.x86_64 glibc-headers.x86_64 glibc-utils.x86_64 kernel-headers.x86_64 gsl.i686 gsl.x86_64 gtkspell.x86_64 gtkspell.i686 kdelibs.i686 kdelibs.x86_64 libgnome.i686 control-center-devel.i686control-center-filesystem.i686 control-center.i686 control-center.x86_64
Then add this line at this end of your /etc/hosts file :                   hostname           hostname.example.com

Then add to /etc/services :

## Start RSA Auth Mgr ##
securid         5500/udp
securidprop_00  5505/tcp
securidprop_01  5506/tcp
securidprop_02  5507/tcp
securidprop_03  5508/tcp
securidprop_04  5509/tcp
securidprop_05  5510/tcp
securidprop_06  5511/tcp
securidprop_07  5512/tcp
securidprop_08  5513/tcp
securidprop_09  5514/tcp
securidprop_10  5515/tcp
sdlog           5520/tcp
sdserv          5530/tcp
sdreport        5540/tcp
sdadmind        5550/tcp
sdlockmgr       5560/tcp
sdcommd         5570/tcp
sdoad           5580/tcp
## End RSA Auth Mgr ##

Then you have to fake the Os Version. Replace the content of /etc/redhat-release with this command :

echo "Red Hat Enterprise Linux AS release 4 (Nahant)" > /etc/redhat-release

Then you can start installing from the 6094A0.iso file you downloaded from RSA website (this is the full package install) :

mkdir /opt/rsa /opt/rsa/src
mount -o loop  /opt/rsa/src/6094A0.iso /mnt
groupadd  --gid 500 rsa
useradd --home-dir /opt/rsa --comment "rsa user for securid" --gid 500 --no-create-home --uid 500 rsa

add this line to the rsa user’s crontab (crontab -e -u rsa) :
* * * * *      mv /opt/rsa/RSASecurity/RSAAuthenticationManager/radius/libfreebl3.so /opt/rsa/RSASecurity/RSAAuthenticationManager/radius/libfreebl3.so-rsa >/dev/null 2>&1
This will remove a lib file when it is created by the installer. This lib conflict with the one from the OS and is not compatible. After the install you can (must) remove the crontab.
Finaly start the install :
chown -R rsa:rsa /opt/rsa
cd /mnt/auth_mgr/linux-x86_64
./setupLinux64.sh -console

These are my answers :

user : rsa
pays : 1 (america)
primary instance
install directory : /opt/rsa/RSASecurity/RSAAuthenticationManager
Host name [my.new.server.com]
IP address []
licenses  : /opt/rsa/licenses
login operation console : admin
pass : changeme
Warning : if you are migrating from another install, use THE SAME login et master password as the old install !!!
The install can take from 15 to 30 mins. Don’t be afraid.
Once done, backup and you’re done. If migrating, use the same backup command on the old server and copy the dump to the new one. Iimport the old DB :
First kill all the rsa processes EXCEPT the listener and Oracle DB processes = kill all the Java jvm’s with a « kill -9″
su - rsa
cd /opt/rsa/RSASecurity/RSAAuthenticationManager/utils
./rsautil manage-backups --action export -f /opt/rsa/backup-20120808.dmp
./rsautil setup-replication -a remove-primary
./rsautil manage-backups -a import -D -V -f /tmp/backup-old-server-2012080801.dmp
./rsautil setup-replication  -a set-primary
/etc/init.d/rsaauthmgr start
Now is a really important task. Before doing ANYTHING ELSE, go to the Operation Console (I had to use Chrome as Firefox wasn’t able to add exception for the auto-signed certificate… strange) : https://my.new.server.com:7072/operations-console/

Use the master login/password you defined previously. Go to the Deployment configuration -> RADIUS
You will be prompted for an admin account. Use the one from the old server (that can be your own personal account, not admin).
From there, delete every RADIUS server as you will use the new local one only. Deleting them can take some time… be patient.
Once done, configure a new one. Use the same shared secret as the previous server and give the master password + user account. This will again take some time and should result in the creation of your new radius server.

Stop/Start the server :

/etc/init.d/rsaauthmgr stop ; sleep 10 ; /etc/init.d/rsaauthmgr start

If done, go to the Security Console at https://my.new.server.com:7004/console-ims/

Login with an admin account. If your account previously used a SecurID token, use it.

Once in there, you will have to re-create the Agent config and Contact List config. This is the most strange part…

Go to the menu Access -> Authentication Agent -> Manage existing.

If one is already there, delete it and re-create it with the new server name. Agent type must be RADIUS server. Authentication Manager Contact List should stay as automatic, even if not well defined.

Then go to menu Access -> Authentication Agent -> Authentication Manager Contact List -> Manage Existing

Go and edit the one entry set as automatic (also edit the others the same way if you have many)

Be sure to add your new  server in the server node list at the back.

Once done, use the menu to rebalance accounts : Access -> Authentication Agent -> Authentication Manager Contact List -> Automatic Rebalance


Once done, if without error, go to you shell as root and reconfig the radius :

cd /opt/rsa/RSASecurity/RSAAuthenticationManager/config
./configUtil.sh configure radius finalize-radius-restore

Reboot the server and, if lucky, you’re DONE !

One way to check that up is to configure on of your box (router, switch… anything using radius) to auth on the new server. I did a tcpdump on the new server (tcpdump  port 1646 or port 1813 or port 1645 or port 1812 or port 5500 or port 5550 ) to see what was going one.
If something is wrong, you will see your new server trying to reach the OLD RSA server. In this case… first cry, then scrap your new server and start over… sorry. That’s what I did MANY times….

BTW, I was able to keep SeLinux enforced and the firewall (while opening a whole bunch of ports).
Remember that this install is NOT supported by RSA. It is just working for me.