000011713 - Adding a new RADIUS dictionary to RSA RADIUS - Bluecoat (packeteer)

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011713
Applies ToRSA RADIUS 6.1
RSA RADIUS 7.1
RSA Authentication Manager 8.0
RADIUS
Bluecoat
packeteer
IssueAdding a new RADIUS dictionary to RSA RADIUS - Bluecoat (packeteer)
A third-party device requires vendor specific attributes returned in a RADIUS profile returns list.
Resolution

Here are instructions for creating a new RADIUS dictionary for the RADIUS attributes required by a Bluecoat product.

 

Vendor: Bluecoat

Description: Vendor specific attributes being returned in an RSA RADIUS profile for PacketGuide/PacketShaper

 

Reference link: https://bto.bluecoat.com/packetguide/9.2/info/configure-radius-server.htm

 

Steps:

1.

The default RSA RADIUS folders for RSA RADIUS 6.1 on;

 

i)              a supported Microsoft Windows platform is C:\Program Files\RSA Security\RSA RADIUS\Service

 

ii)             a supported UNIX platform /opt/rsa/radius

 

The default RSA RADIUS folders for RSA RADIUS 7.1 on;

 

i)              a supported Microsoft Windows platform is C:\Program Files\RSA Security\RSA Authentication Manager\radius\Service

 

ii)             a supported UNIX platform /usr/local/RSASecurity/RSAAuthenticationManager/radius

 

The default RSA RADIUS folder for RSA Authentication Manager 8.0 on;

 

i)              /opt/rsa/am/radius

 

2.

Create a radius dictionary file named packeteer.dct in the RSA RADIUS folder

 

3.

Add attributes to the new radius dictionary

 

ATTRIBUTE Packeteer-AVPair 26 [vid=2334 type1=1 len1=+2 data=string] r

ATTRIBUTE Packeteer-PC-AVPair 26 [vid=2334 type1=1 len1=+2 data=string] r

 

NOTE: please refer to the readme.dct in the RADIUS folder for detailed information on the dictionary format

 

4.

Update a file called vendor.ini and add a new section for the new vendor

 

vendor-product     = Packeteer

dictionary         = packeteer

ignore-ports       = no

port-number-usage  = per-port-type

help-id            = 0

 

NOTE: it is recommended to add the new vendor in alphabetic order as this maintains order in the RADIUS graphical user interface on the pull-down list.

 

5.

Update a file called dictiona.dcm and add the dictionary filename to the vendor specific list (in alphabetic order)

 

@packeteer.dct

 

6.

Stop and start the RSA RADIUS service.

 

Examine the RADIUS log file (formated yyyymmdd.log - e.g. 20130929) found in the radius folder for any error messages concerning the new radius dictionary (e.g. packeteer.dct)

e.g.

...

...

You are likely to see an update to the dictionary information after adding the new radius dictionary.

08/29/2011 09:51:03 Number of dictionaries in saved file does not match number in directory

08/29/2011 09:51:03 Opening saved dictionary file

08/29/2011 09:51:03 Successfully initialized saved-dcts.bin file

08/29/2011 09:51:03 Starting dictionary file processing ...

08/29/2011 09:51:10 Writing dictionary info to saved dictionary

08/29/2011 09:51:11 Successfully wrote dictionary information to saved-dcts.bin

08/29/2011 09:51:11 Closing saved dictionary file

08/29/2011 09:51:11 Successfully created and closed saved-dcts.bin

08/29/2011 09:51:11 Concluded dictionary file processing ...

...

...

 

7.

When configuring the RADIUS clients there will be a new Make/model type called ?Packeteer? which will allow Bluecoat vendor specific attributes to be selected in the Return List of Attributes for RADIUS profiles in the RSA Security Console.

 

 

Contact RSA Customer Support if you still experience a technical issue adding a vendor specific RADIUS dictionary to RSA RADIUS 6.1/RSA RADIUS 7.1 or RSA RADIUS 8.0.

 

Legacy Article IDa62778

Attachments

    Outcomes