Solutions

Job execution fails when configured for a Radius overlay.

Solutions ID:    KB4171
Version:    5.0
Status:    Published
Published date:    11/16/2010
Updated:    11/17/2010
 

Problem Description

The Director box hangs after executing this job towards one SG.  To recover, a reboot is necessary.

Using WP5-GBL Authentication in our Radius overlay file, causes the job to fail, and the Director appliance to hang.

If a special character ! <Exclamation mark> is used at the beginning of encryption key - then the overlay file will error out.

Resolution

 There were two issues discovered with this issue.

1: The Radius command line interface command was wrong.

Using the Command "show config" in the command line interface ( CLI) command, we see this configuration output for Radius:

WP5-GBL Authentication
;
; Configure Authentication Realms
;
;
! - BEGIN RADIUS for Admin Authentication
; Configure authenication realm for admin access
;
security radius create-realm Radius_Admin_Auth @(RADIUS_ADMIN_AUTH_SERVER_1) 1812
security radius edit-realm Radius_Admin_Auth
   primary-server secret @(RADIUS_ADMIN_AUTH_SECRET_1)
   alternate-server secret @(RADIUS_ADMIN_AUTH_SECRET_2)
   alternate-server @(RADIUS_ADMIN_AUTH_SERVER_2) 1812
exit
 ;
! - END RADIUS for Admin Authentication

 

 In the above command, the SECRET key is missing.

In this Overlay -provided above - the RADIUS is configured with the command

 " security radius create-realm Radius_Admin_Auth @(RADIUS_ADMIN_AUTH_SERVER_1) 1812"


The correct command should be as below.


 "security radius create-realm  <realm-name> <secret> <primary-server host> [<primary-server port>]"

2:  The secret key cannot contain a exclamation mark "!" for these reasons:

  • Question: :If we use w!AkAVEme does it only take the w and ignore everything after the !
    • The CLI parser recognizes  ! as a comment character only if it is the first character is  a token. So, tokens can have embedded ! chars.  They just cannot start with this char.
  • Question: :If we use !AkAVEme does it take "!"AkAVEme or "!AkAVEme"?
    • The double quote can be used to get the parser to ignore special characters - like !   and to group characters into a single token (ie. allows embedded spaces). The double quote characters are not part of the token. and need to be around the entire string as per the later example.   So, with "!AkAVEme",  you get  !AkAVEme

 

NOTE1: For an overview of how to setup Radius on a Director appliance, see FAQ337

NOTE2: For a list of what Radius vendors Bluecoat supports, see FAQ1125


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question