RSA Security 6.1 manual Attribute Values, Return List Attributes, Multi-Valued Attributes


During authentication, RSA RADIUS Server filters the checklist based on the dictionary for the RADIUS client that sent the authentication request. The server ignores any checklist attribute that is not valid for this device.

Return List Attributes

A return list is a list of attributes that RSA RADIUS Server must return to the RAS after authentication succeeds. The return list usually provides additional parameters that the RAS needs to complete the connection, typically as part of PPP negotiations. Return list attributes can be “authorization configuration parameters.”

By including appropriate attributes in the return list, you can create a variety of connection policies. Specific users can be assigned particular IP addresses or IPX network numbers; IP header compression can be turned on or off; or a time limit can be assigned to the connection.

You create a return list by choosing attributes from a list of all RADIUS attributes known to the RSA RADIUS Server. This list can include a variety of vendor-specific attributes.

During authentication, RSA RADIUS Server filters the return list based on the dictionary for the specific RADIUS client that sent the authentication request. The server omits any return list attribute that is not valid for this device.

Attribute Values

The value of each RADIUS attribute has a well-defined data type: numeric, string, IP or IPX address, time, or hexadecimal. For example, Callback-Number is of type string and contains a telephone number. RAS-Port-Type is an item from a list, and can be Sync, Async, and so forth.

Multi-Valued Attributes

Attributes can be single- or multi-valued. Single-valued attributes appear at most once in the checklist or return list; multi-valued attributes might appear several times.

If an attribute appears more than once in the checklist, this means that any one of the values is valid. For example, you can set up a checklist to include both Sync and Async values for attribute RAS-Port-Type. This means that the user can dial into a Sync port or an Async port, but not one of the ISDN ports.

If an attribute appears more than once in the return list, each value of the attribute is sent as part of the response packet. For example, to enable both IP and IPX header compression for a user, you would configure the


About RSA RADIUS Server

September 2005
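
The checklist and return-list rules from this section, modeled as an added example (not RSA RADIUS Server code and not taken from the manual). The dictionary contents, the `Vendor-X-*` attributes and the sample values are constructed; `Framed-Compression` and `Session-Timeout` are standard RFC 2865 attributes chosen for illustration, and treating an attribute missing from the request as a failed check is an assumption of the model.

```python
# Model of the checklist / return-list rules above. Not RSA RADIUS Server code;
# the dictionary, the Vendor-X-* attributes and all values are constructed.

def filter_by_dictionary(pairs, dictionary):
    """Keep only (attribute, value) pairs valid for the requesting client."""
    return [(a, v) for a, v in pairs if a in dictionary]

def ignored_checklist_attributes(checklist, dictionary):
    """Checklist attributes the server would skip for this device (audit aid)."""
    return sorted({a for a, _ in checklist if a not in dictionary})

def checklist_passes(checklist, request, dictionary):
    """Each remaining attribute must match; repeated attributes are alternatives."""
    allowed = {}
    for attr, value in filter_by_dictionary(checklist, dictionary):
        allowed.setdefault(attr, set()).add(value)
    # Assumption: an attribute absent from the request fails its check.
    return all(request.get(attr) in values for attr, values in allowed.items())

def authorize(profile, request, dictionary):
    """Return (packet type, response attributes) for one request."""
    if not checklist_passes(profile["checklist"], request, dictionary):
        return ("Access-Reject", [])
    # Every valid return-list entry is sent, so a repeated attribute
    # appears once per configured value in the response.
    return ("Access-Accept",
            filter_by_dictionary(profile["return_list"], dictionary))

# Constructed dictionary for one RADIUS client make/model.
DICTIONARY = {"RAS-Port-Type", "Framed-Compression", "Session-Timeout"}

PROFILE = {
    "checklist": [
        ("RAS-Port-Type", "Sync"),          # either value is acceptable
        ("RAS-Port-Type", "Async"),
        ("Vendor-X-Line-Class", "gold"),    # hypothetical VSA, not in DICTIONARY
    ],
    "return_list": [
        ("Framed-Compression", "Van-Jacobson-TCP-IP"),
        ("Framed-Compression", "IPX-Header-Compression"),
        ("Session-Timeout", 3600),
        ("Vendor-X-Filter", "corp"),        # hypothetical VSA, omitted for this device
    ],
}

if __name__ == "__main__":
    for port in ("Async", "ISDN"):
        print(port, authorize(PROFILE, {"RAS-Port-Type": port}, DICTIONARY))
    print("skipped:", ignored_checklist_attributes(PROFILE["checklist"], DICTIONARY))
```

A non-empty result from `ignored_checklist_attributes` means a restriction configured in the profile is not enforced for clients using that dictionary, which is worth reviewing whenever a profile is shared across device types.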
