This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
Jay_CS
New Contributor New Contributor
New Contributor
‎2022-02-03 11:46 AM

Questions regarding the RADIUS pre-migration to Authentication Manager v. 8.6 script

Three weeks ago the RSA Advisory recommending that customers wait before updating Authentication Manager to ver. 8.6 until a new RADIUS pre-migration script is available.

https://community.rsa.com/t5/securid-product-advisories/securid-recommends-waiting-for-a-radius-pre-migration-script/ta-p/667206

This situation arises because the SBR RADIUS used in AM 8.5 and earlier is being replaced with FreeRADIUS (Free RADIUS) in AM 8.6.  This situation therefore raises several questions:

1. Is there any ETA for this script?

2. Does the script only identify potential RADIUS configuration issues for remediation or will the script perform any modifications to RADIUS data on the AM 8.5 Server?

3. If the script modifies RADIUS data, any assessment of any risk involved in doing these modifications?

4. Does RSA have any recommendations as to when this script should be run, and if it should be run multiple times, e.g. run it once immediately before updating to 8.6 versus running it multiple times because the script identifies RADIUS configuration issues, that could be changed necessitating running the script again?

Labels (1)
Reply
15 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2022-03-09 10:02 PM

Authentication Manager ver. 8.6 uses a new version of RADIUS, Free RADIUS, so the SBR Pulse version of RADIUS used in AM 8.5 must be migrated into Free RADIUS.  A RADIUS pre-migration script was developed by RSA Engineering to identify potential problems that could make this RADIUS migration fail. 

The RADIUS Pre-Migration Script released February 18, 2022 reports finding a FAILURE that there was an Error while exporting the trusted root certificate.

 

There are two causes for this finding, which is a false flag finding
1. The AM 8.5 appliance that this script was run against has restored a backup from a different AM 8.5 appliance
2. The RADIUS Pre-Migration Script released February 18, 2022 was used

The RADIUS Pre-Migration Script released February 18, 2022 is only 7KB while the March 3rd script is 9Kb.  Both were named rsa-am-pre-upgrade-check-1.0.zip

This FAILURE is a script failure, not a potential migration error.  The RADIUS Pre-Migration Script released March 3rd, 2022 does not find this FAILURE, because this version of the script changes file permissions on the trusted root certificate file so that it can read this Certificate and decrypt the RADIUS database.

0 Likes
Reply
DavidBerner
Occasional Contributor
Occasional Contributor
In response to JayGuillette
‎2022-03-11 03:06 PM

Jay thanks for the clarification. Can you provide the check sum for the script that was released on the March 3 script.

0 Likes
Reply
patoberli
New Contributor
New Contributor
‎2022-03-15 06:10 AM

Just to confirm, the script is not yet publicly available, correct?

Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to DavidBerner
‎2022-03-16 01:45 PM

f03a6a07dee2093377c8168b3380d1789e196c8493be21a7fdcdee4de14f7322 *rsa-am-pre-upgrade-check-1.0.zip
 

0 Likes
Reply
EudesHernandez
Contributor
Contributor
In response to JayGuillette
‎2022-04-01 12:38 PM

Hi Jay Can you share the URL of this pre-upgrade-check.zip

0 Likes
Reply
SohailErshadi
New Contributor
New Contributor
‎2022-04-29 08:19 PM

I tried to run the script but there were no HTML reports available... 

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.