RSA Security 6.1 User Manual

Page 101

Advertising
background image

RSA RADIUS Server 6.1 Administrator’s Guide

Using the LDAP Configuration Interface

89

X

Substrings – There are several places where a list of strings is the value of an
attribute. The rule for specifying the data portion for these lists is that
semicolons must delimit the substrings. For example, a DNIS list for a tunnel
entry might be specified as

555-1212;5551212

. If a semicolon needs to

appear inside a substring, it can be escaped by placing a backslash character
(\) before it.

X

Hexadecimal values – Hexadecimal numbers (for attributes of syntax type
hex1, hex2 or hex4) require a

0x

prefix in front of the hexadecimal digits; for

example 0x0000149a.

X

Profiles, checklists, and return lists – Checklists associated with profiles
can include default attributes, which allows you to mark a checklist attribute
as optional. To signal that a checklist attribute is a default attribute, preface
the attribute value with the string

%default%

.

Return lists associated with profiles can include attributes whose contents are
the value of received attribute. This feature is referred to as “echoing” the
attribute. To signal that a return list attribute must be treated as an echo
attribute, specify the attribute value as the string

%echo%

.

X

Unspecified or 0.0.0.0 RAS IP address – When you display

acct_stats_by_nasipaddr

information, any RAS entries with an

unspecified IP address or an IP address of 0.0.0.0 are omitted. Similarly, when
you display

acct_stats_by_nas

information, RAS entries with an

unspecified IP address or an IP address of 0.0.0.0 have

nasipaddr

attribute

omitted.

X

Duplicate RAS IP addresses – When displaying

acct_stats_by_nasipaddr

information, two RAS entries that contain

the same (non-zero) IP address cause information about one of the entries to
be displayed twice. This is the result of the ambiguity of the query and is not
a bug.

X

RADIUS client information displayed after deletion – If you define a
RADIUS client entry, send some accounting traffic to it, and then delete the
entry, the output of

ldapsearch

queries continues to list the deleted

RADIUS client so that the per-RAS statistics add up to the total RAS
statistics.

Advertising
Popular Brands
Popular manuals