Environment
Novell Modular Authentication Service (NMAS) RADIUS 4.14
Novell ConsoleOne 1.3.6
Situation
Attributes were added via ConsoleOne to a new RADIUS:Dial Access Profile object; however, the attributes are not being returned.
In comparison, existing RADIUS:Dial Access Profile objects with attributes work properly.
Resolution
Correct the rights to the attributes using the following process:
- Using ConsoleOne, locate the working "RADIUS:Dial Access Profile" object, and identify the rights that have been given to the object. For example, the [PUBLIC] pseudo user typically has read rights to the "RADIUS:Attribute List".
- Locate the new "RADIUS:Dial Access Profile" object, and add similar rights to the new object.
- Run RADIUS REFRESHCACHE on the RADIUS server.
- Attempt the login.
- In this method, start the NDS Import/Export Wizard.
- Select "Export" and click "Next".
- Specify port 636, and the BorderManager/RADIUS server's IP address.
- Choose "authenticated login" and use an admin account in LDAP syntax (e.g. "cn=admin,o=novell").
- Specify the password, and click "Next".
- Specify the DN for the functional "RADIUS:Dial Access Profile" object in LDAP syntax (e.g. "cn=DAP,o=novell").
- Click "Next".
- Specify the file to export to, and click "Next".
- Click "Finish".
- Repeat the process for the failing "RADIUS:Dial Access Profile" object.
- Compare the ACL: lines in each to see what is missing on the broken one.
- Add each trustee right that was missing.
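The ACL comparison in the export steps above can be scripted once both LDIF files exist. The following is an added example, not part of the original article or of any Novell tool: it unfolds LDIF continuation lines, decodes base64 "ACL::" values, and lists the ACL values present on the working object but absent from the failing one. The sample LDIF text, the DN "cn=DAP2,o=novell" and the attribute name "exampleAttributeList" are constructed placeholders.

```python
import base64

def acl_values(ldif_text):
    """Return the set of ACL values found in an LDIF export of one object."""
    # Unfold continuation lines: a line starting with a single space
    # continues the previous line (RFC 2849).
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = set()
    for line in lines:
        if line.startswith("#"):          # LDIF comment
            continue
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != "acl":
            continue
        if rest.startswith(":"):          # "ACL:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        values.add(value)
    return values

def missing_acls(working_ldif, failing_ldif):
    """ACL values on the working object that the failing object lacks."""
    return sorted(acl_values(working_ldif) - acl_values(failing_ldif))

# Constructed sample exports (placeholder attribute name and DNs).
WORKING = """version: 1

dn: cn=DAP,o=novell
ACL: 2#entry#[Public]#exampleAttributeList
ACL: 2#entry#cn=admin,o=novell#[All Attri
 butes Rights]
objectClass: top
"""
_ADMIN_ACL = "2#entry#cn=admin,o=novell#[All Attributes Rights]"
FAILING = ("version: 1\n\ndn: cn=DAP2,o=novell\nACL:: "
           + base64.b64encode(_ADMIN_ACL.encode()).decode()
           + "\nobjectClass: top\n")

if __name__ == "__main__":
    for acl in missing_acls(WORKING, FAILING):
        print("missing on failing object:", acl)
```

Values are compared as whole strings, so an ACL whose trustee is the exported object itself will appear as a difference and should be read accordingly.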
Additional Information
In a RADDBG.LOG file, this issue is typically manifested by seeing the following for a working "RADIUS:Dial Access Profile" object:
PutAttributesInBuffer, calling FilterAttribute
Filter attribute, vendorID: 0, attribute: 7
PutAttributesInBuffer, calling FilterAttribute
Filter attribute, vendorID: 0, attribute: 15
PutAttributesInBuffer, calling FilterAttribute
Filter attribute, vendorID: 0, attribute: 10
PutAttributesInBuffer, calling FilterAttribute
Filter attribute, vendorID: 0, attribute: 6
->Sending Access-Accept (2) [(ip) 156.42.235.142(3813)] count=76
->Inserting into RespQ , code(2) id(20).
-------- END : (Access-Request (1)) [(ip) 156.42.235.142:3813]: time:1674199868---
The failing "RADIUS:Dial Access Profile" object, by contrast, will not show any of the Filter: or PutAttributesInFilter lines.