000019510 - ACE/RADIUS: Pass a Vendor-Specific Attribute in a Numeric Format

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000019510
Applies To: RSA ACE/Server 5.x
RSA ACE/Server RADIUS
RADIUS Profiles
Issue: ACE/RADIUS: Pass a Vendor-Specific Attribute in a Numeric Format
Enter vendor-specific attributes as numerically formatted values
Resolution: To pass a Vendor-Specific Attribute as a numeric value (as opposed to a string), precede the Vendor ID with a pound sign (#). The numeric value must be given in decimal. If the value is an address, the dotted address must be converted to a single decimal number. For example, to pass the Springtide vendor-specific attribute primary-dns-server with the address 10.1.1.100, use the following values:

3551 = Springtide ID
5 = Springtide specific attribute ID, in this case, 5 refers to 'primary-dns-server'
10.1.1.100 = IP address of the primary-dns-server

The proper Numeric Format for the vendor-specific attribute is as follows:

#3551 5 167838052

The address must be converted into a decimal value as follows:

Dotted: 10.1.1.100 = Decimal 167838052  = HEX  0a 01 01 64

RSA Security has a utility you can use to perform such conversions, built right into the Admin interface.  In the ACE/Administration, select the Profile menu, select a profile, and add or edit.  Go to the attribute "Ascend-IP-Direct" and enter the address in dotted format.  Then, check the Decimal Format and the format will convert on the fly.  Then, take that value and place it in Vendor-Specific Attribute.

The following snoop capture demonstrates that the attribute is passed. On the ACE/Server, run:

snoop -xo hostname hostname

where the hostnames are the server and client.

Then perform an authentication with the user who is using the attribute:

0: 0005 7495 58fc 0800 201d a376 0800 4500    ..t.X... ..v..E.
16: 0057 2eaf 4000 ff11 df52 0a64 3058 0a64    .W..@....R.d0X.d
32: 2874 066d 0798 0043 106e 0201 003b ac1d    (t.m...C.n...;..
48: 3092 e096 43c5 0ab6 acc6 edfd 81bd 1215    0...C...........
64: 5041 5353 434f 4445 2041 6363 6570 7465    PASSCODE Accepte
80: 640d 0a1a 0c00 000d df05 060a 0101 6401    d.............d.
96: 0672 6f6f 74               ========        .root
                          HEX  0a 0101 64 = 10.1.1.100

Look at the line of hex above the ======== marker and you will see that the address is passed in hex.
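
The conversion and the capture check described above, as an added Python example (not RSA's code): it builds the profile string and walks the RADIUS payload taken from the snoop output (frame bytes 42 onward, after the Ethernet, IP and UDP headers) to decode the Vendor-Specific attribute. The function names are hypothetical, and the sub-attribute layout assumed is the type/length/value form recommended by RFC 2865.

```python
import ipaddress
import struct

# RADIUS payload copied from the snoop capture above (frame bytes 42..100).
RADIUS_HEX = (
    "0201003b"                                    # code 2, id 1, length 59
    "ac1d3092e09643c50ab6acc6edfd81bd"            # 16-byte authenticator
    "121550415353434f44452041636365707465640d0a"  # type 18: Reply-Message
    "1a0c00000ddf05060a010164"                    # type 26: Vendor-Specific
    "0106726f6f74"                                # type 1: User-Name
)

def profile_entry(vendor_id, vendor_type, dotted):
    """Build the '#<vendor id> <attribute id> <decimal>' profile value."""
    return f"#{vendor_id} {vendor_type} {int(ipaddress.IPv4Address(dotted))}"

def decode_ipv4(value):
    """Render a 4-byte attribute value as a dotted address."""
    return str(ipaddress.IPv4Address(value))

def vendor_attributes(packet):
    """Return (vendor_id, vendor_type, value) for every type 26 sub-attribute."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20  # attributes start after header + authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        body = packet[pos + 2:pos + alen]
        if atype == 26:  # Vendor-Specific
            if len(body) < 4:
                raise ValueError("Vendor-Specific attribute too short")
            vendor_id = struct.unpack("!I", body[:4])[0]
            sub = body[4:]
            while sub:  # assumed layout: vendor type, vendor length, value
                if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                    raise ValueError("malformed vendor sub-attribute")
                found.append((vendor_id, sub[0], sub[2:sub[1]]))
                sub = sub[sub[1]:]
        pos += alen
    return found

if __name__ == "__main__":
    print(profile_entry(3551, 5, "10.1.1.100"))
    for vid, vtype, value in vendor_attributes(bytes.fromhex(RADIUS_HEX)):
        print(vid, vtype, value.hex(), decode_ipv4(value))
```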
                           
Legacy Article ID: a10086
