Article Number
000025689
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
This article explains how to:
- Suppress class attribute from the RSA RADIUS response.
- Address problems with the default Steel-Belted RADIUS class attribute.
- Resolve when NAS devices receive a Class=SBR2CL\0xbc\0xb1\0xf90x95\0xe4\0xec\0xcd\0xa8\ when profiles return a Class attribute.
Cause
By default, Funk Steel Belted RADIUSsends the Funk class attribute to the NAS device if the profile contains the attribute class
Resolution
To correct this issue,
- Locate the vendor.ini in the Operations Console (Deployment Configurations > RADIUS Servers > Manage Server Files > vendor.ini)
- Click the context arrow next to the vendor.ini and select Edit.
- Locate the entries for the NAS vendor that corresponds to your RADIUS profile. In this example, we will look at the lines for standard RADIUS:
vendor-product = - Standard Radius -
dictionary = Radius
ignore-ports = no
help-id = 2000
- Change it to add the text send-class-attribute = no, as follows:
vendor-product = - Standard Radius -
dictionary = Radius
ignore-ports = no
help-id = 2000
send-class-attribute = no
- When done, click Save & Restart RADIUS Server. This restart allows the debug changes to take effect.
