000025171 - Telstra Dial IP on RSA Authentication Manager 6.1

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025171
Applies ToRSA Authentication Manager 6.1
RSA RADIUS Server 6.1 Powered by Funk Steel-Belted RADIUS
Microsoft Windows
Telstra Dial IP
IssueTelstra Dial IP on RSA Authentication Manager 6.1
RSA ACE/Server 5.x or RSA Authentication Manager 6.0.2 RADIUS profiles fail to migrate into RSA RADIUS after upgrading to RSA Authentication Manager 6.1
Double clicking an attribute with a red circle next to it gives error: "Edit Attribute: The dictionary no longer contains an attribute with this name"
Log for RSA to SBR Install Utility (C:\Program Files\RSA Security\RSA Radius\Service\tprsMigReg.log) reports messages such as WARNING: Attribute: 135 has two attributes defined with conflicting names: ATT-Ascend-Client-Primary-DNS in dict agns.dct and AAT-Ascend-Client-Primary-DNS in dict aat.dct
Resolution
 This problem has been reported to RSA Security Customer Support and we are working with Juniper to provide a fix, however we do have a workaround to correct the attribute names listed in the RADIUS profiles.  
   
 Workaround Instructions: 
   
 1)      Stop the RSA RADIUS service using the RSA Authentication Manager Control Panel
 
 
 2)      Three RADIUS dictionary files called agns.dct, aat.dct & aptis.dct will be changed in the C:\Program Files\RSA Security\RSA Radius\Service directory
 
 
 For agns.dct the following lines need to be commented out after the ?Include Ascend attributes for additional support? line:   
ATTRIBUTE   ATT-Ascend-Client-Primary-DNS         135     ipaddr  r
ATTRIBUTE   ATT-Ascend-Client-Secondary-DNS       136     ipaddr  r
ATTRIBUTE   ATT-Ascend-Assign-DNS                 137     integer r
ATTRIBUTE   ATT-Ascend-Session-Timeout            194     integer r
ATTRIBUTE   ATT-Ascend-Idle-Limit                 244     integer r
 
 
 For aat.dct the following lines need to be commented out from the Ascend attributes section of the file:  
ATTRIBUTE       AAT-Ascend-Client-Primary-DNS          135     ipaddr  r
ATTRIBUTE       AAT-Ascend-Client-Secondary-DNS        136     ipaddr  r
ATTRIBUTE       AAT-Ascend-Assign-IP-Pool              218     integer r
 
 
 For aptis.dct the following line needs to be commented out (near the top of the file)  
@ascend.dct

 
 
 3)      Rename C:\Program Files\RSA Security\RSA Radius\Service\saved-dcts.bin to C:\Program Files\RSA Security\RSA Radius\Service \saved-dcts.bin.orig
 
 
 4)      Start the RSA RADIUS server using the RSA Authentication Manager Control Panel
 
 
 5)      Using the RSA Authentication Manager Host Mode, delete the agent host for the RSA RADIUS system (which usually is the same host name as the RSA Authentication Manager).
 
 
 6)      Open a command prompt window (cmd.exe) and go in to the C:\Program Files\RSA Security\RSA Radius\Service directory. Now run ?RSAInstallTool.exe ?identity Primary ?secret <your replication secret> -install ?m ?o?. Please refer to the RSA RADIUS Server 6.1 Administrator's Guide for information on RSAInstallTool. 
 
 
 7)      Stop and start the RSA RADIUS service using the RSA Authentication Manager Control Panel
 
 
 8)      Open RSA Authentication Manager Host Mode > RADIUS > Manage RADIUS Server and ensure you change one of the RADIUS clients to use the ?Ascend MAX Family? make/model. Next, open a RADIUS profile and confirm your attributes for Telstra Dial IP are listed correctly in the return list. 
   
 Please report any technical difficulties to RSA Security Customer Support if this workaround does not resolve your particular problem. 
Legacy Article IDa31512

Attachments

    Outcomes