|Issue||The Telstra Next G wireless service optionally allows customers to provide primary and secondary DNS values returned in the RADIUS profile.|
|Resolution||RSA RADIUS already has an Ascend RADIUS dictionary with the RADIUS attributes Ascend-Client-Primary-DNS (attribure 135) & Ascend-Client-Secondary-DNS (attribute 136) which have been confirmed to work with the Telstra Next G wireless service.|
Prerequisite : RSA RADIUS needs to be configured for RSA SecurID Appliance 3.0 Service Pack 4 or RSA Authentication Manager 7.1 Service Pack 4 (by default RSA RADIUS is configured during the deployment of RSA Authentication Manager 8.x).
The RADIUS client configured for the Telstra Next G wireless service must have a Make / Model of 'Ascend MAX Family' in order to use the two RADIUS attributes; RADIUS attributes Ascend-Client-Primary-DNS (attribure 135) & Ascend-Client-Secondary-DNS (attribute 136).
With an administrative account use Security Console > RADIUS > RADIUS Client > Manage Existing > Left-click Client Name and select Edit. Change the Make / Model field in RADIUS Client Settings and Save the changes.
..this then allows the administrator to select Ascend-Client-Primary-DNS & Ascend-Client-Secondary-DNS RADIUS attributes from the Attribute drop-down in the Return List Attributes section of the RADIUS profile.
With an administrative account use Security Console > RADIUS > RADIUS profiles > Add New > Enter a Profile Name, select the required Attributes and click Save. Alternatively use Security Console > RADIUS > RADIUS profiles > Manage Existing > Left-click Profile Name and select Edit. Add the Ascend-Client-Primary-DNS & Ascend-Client-Secondary-DNS to the existing RADIUS Profile and click Save.
The next step is to assign the saved RADIUS profile to the end user (if not do so already) via Identity > Users > Manage Existing > use the Search Criteria to find the user > Left-click User ID and select Authentication Settings from the menu. In the RADIUS section of Authentication Settings select the RADIUS profile name using the pull-down for User RADIUS Profile and Save.
Perform RADIUS authentication tests to confirm the RADIUS attributes are being returned to the RADIUS client after a successful authentication.
|Notes||Optionally; enabling RADIUS debug will show the returned RADIUS attributes in the Authentication Response to the RADIUS client.|
Example; Authentication Request and corresponding Authentication Response for a RADIUS authentication for user 'rsatest' where RADIUS_PROFILE has been assigned:
10/20/2014 15:03:13 Authentication Request