000025689 - How to suppress the class attribute from RSA RADIUS for RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Aug 30, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000025689
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

This article explains how to:

  • Suppress class attribute from the RSA RADIUS response.
  • Address problems with the default Steel-Belted RADIUS class attribute.
  • Resolve when NAS devices receive a Class=SBR2CL\0xbc\0xb1\0xf90x95\0xe4\0xec\0xcd\0xa8\ when profiles return a Class attribute.
CauseBy default, Funk Steel Belted RADIUSsends the Funk class attribute to the NAS device if the profile contains the attribute class
ResolutionTo correct this issue,
  1. Locate the vendor.ini in the Operations Console (Deployment Configurations > RADIUS Servers > Manage Server Files > vendor.ini)
  2. Click the context arrow next to the vendor.ini and select Edit.
  3. Locate the entries for the NAS vendor that corresponds to your RADIUS profile. In this example, we will look at the lines for standard RADIUS:

vendor-product          = - Standard Radius -
dictionary              = Radius
ignore-ports            = no
help-id                 = 2000

  1. Change it to add the text send-class-attribute = no, as follows:

vendor-product         = - Standard Radius -
dictionary             = Radius
ignore-ports           = no
help-id                = 2000
send-class-attribute   = no

  1. When done, click Save & Restart RADIUS Server.  This restart allows the debug changes to take effect.
Legacy Article IDa29959