|Applies To||RSA Authentication Manager 6.1|
RSA RADIUS Server 6.1 Powered by Funk Steel-Belted RADIUS
Telstra Dial IP
|Issue||Telstra Dial IP on RSA Authentication Manager 6.1|
RSA ACE/Server 5.x or RSA Authentication Manager 6.0.2 RADIUS profiles fail to migrate into RSA RADIUS after upgrading to RSA Authentication Manager 6.1
Double clicking an attribute with a red circle next to it gives error: "Edit Attribute: The dictionary no longer contains an attribute with this name"
Log for RSA to SBR Install Utility (C:\Program Files\RSA Security\RSA Radius\Service\tprsMigReg.log) reports messages such as WARNING: Attribute: 135 has two attributes defined with conflicting names: ATT-Ascend-Client-Primary-DNS in dict agns.dct and AAT-Ascend-Client-Primary-DNS in dict aat.dct
This problem has been reported to RSA Security Customer Support and we are working with Juniper to provide a fix, however we do have a workaround to correct the attribute names listed in the RADIUS profiles.
1) Stop the RSA RADIUS service using the RSA Authentication Manager Control Panel
2) Three RADIUS dictionary files called agns.dct, aat.dct & aptis.dct will be changed in the C:\Program Files\RSA Security\RSA Radius\Service directory
For agns.dct the following lines need to be commented out after the ?Include Ascend attributes for additional support? line:
For aat.dct the following lines need to be commented out from the Ascend attributes section of the file:
For aptis.dct the following line needs to be commented out (near the top of the file)
3) Rename C:\Program Files\RSA Security\RSA Radius\Service\saved-dcts.bin to C:\Program Files\RSA Security\RSA Radius\Service \saved-dcts.bin.orig
4) Start the RSA RADIUS server using the RSA Authentication Manager Control Panel
5) Using the RSA Authentication Manager Host Mode, delete the agent host for the RSA RADIUS system (which usually is the same host name as the RSA Authentication Manager).
6) Open a command prompt window (cmd.exe) and go in to the C:\Program Files\RSA Security\RSA Radius\Service directory. Now run ?RSAInstallTool.exe ?identity Primary ?secret <your replication secret> -install ?m ?o?. Please refer to the RSA RADIUS Server 6.1 Administrator's Guide for information on RSAInstallTool.
7) Stop and start the RSA RADIUS service using the RSA Authentication Manager Control Panel
8) Open RSA Authentication Manager Host Mode > RADIUS > Manage RADIUS Server and ensure you change one of the RADIUS clients to use the ?Ascend MAX Family? make/model. Next, open a RADIUS profile and confirm your attributes for Telstra Dial IP are listed correctly in the return list.
Please report any technical difficulties to RSA Security Customer Support if this workaround does not resolve your particular problem.
|Legacy Article ID||a31512|