This document contains important information about the 1.3 Cisco Access Registrar software. Cisco Access Registrar is a RADIUS (Remote Authentication Dial-In User Service) server that allows multiple dial-in Network Access Server (NAS) devices to share a common authentication, authorization, and accounting database.
This document is divided into the following sections:
The following documents are available on the Cisco Documentation CD-ROM and are companion documents to this document:
The following list of documents contains additional information which may help you more fully understand the material described in this manual:
This section describes the system requirements for installing the 1.3 Cisco Access Registrar software.
Table 1 lists the system requirements for a full installation of Cisco Access Registrar.
| Component | Requirement |
|---|---|
| CPU Architecture | SPARC |
| OS Version | Solaris 2.5.1 |
| Minimum RAM | 64 MB |
| Recommended RAM | 128 MB |
| Recommended Disk Space | 80 MB |
Table 2 lists the system requirements for installing the server-only component of Cisco Access Registrar.
| Component | Requirement |
|---|---|
| CPU Architecture | SPARC |
| OS Version | Solaris 2.5.1 |
| Minimum RAM | 64 MB |
| Recommended RAM | 128 MB |
| Recommended Disk Space | 60 MB |
Table 3 lists the system requirements for installing the configuration-only component of Cisco Access Registrar.
| Component | Requirement |
|---|---|
| CPU Architecture | SPARC |
| OS Version | Solaris 2.5.1 |
| Minimum RAM | 32 MB |
| Recommended RAM | 64 MB |
| Recommended Disk Space | 25 MB |

Caution: The recommended disk space does not include the space needed for accounting records, which can grow rapidly depending on how frequently you process and remove them from the Cisco Access Registrar disk. If Cisco Access Registrar runs out of disk space, accounting information could be lost and session management information could become corrupted.
If you are upgrading from a previous Cisco Access Registrar 1.2 release, you need not overwrite your configuration database.
If you are running the pre-release version of Cisco Access Registrar, you should upgrade the database by reinstalling Cisco Access Registrar, and choosing to overwrite your database during installation. Follow the instructions in the installation procedure.
The 1.3 Cisco Access Registrar release includes the following new features:
1. Concurrent local and proxy accounting streams.
2. Multi-valued RADIUS attribute support.
3. Enhanced duplicate request filtering.
4. Server log file roll over.
5. Statistics output redirection.
Table 4 describes the bugs fixed in the 1.3 Cisco Access Registrar release.
| Bug Number | Description |
|---|---|
| CSCai02371 | The two new example scripts add-example-configuration.rc and delete-example-configuration.rc do not automatically reload the server. After running either script, you must manually reload the server to update the database with your changes. |
| CSCai02626 | Enhancement: aregcmd can now be used to set the maximum size of the Cisco Access Registrar log files, and the number of log files kept. |
| CSCai03094 | Can't eject the CD ROM after pkgadd if it is performed within the cdrom directory. |
| CSCai03185 | Cisco Access Registrar does not assign an IP address (or allocate any other resources) when the reply from a remote RADIUS server contains a State attribute. |
| CSCai03346 | The AddProfile method does not come back with an error code if the Profile is not found. |
| CSCai03376 | Enhancement: the SessionManager for an Accounting-Request is automatically determined by the SessionManager chosen for the previous Access-Request for the same NAS and NAS-Port. |
| CSCai03389 | Enhancement: The OutagePolicy on a Service now applies to Accounting-Requests, as well as Access-Requests. |
| CSCai03392 | The Adaptive Round Trip Time (RTT) algorithm can cause the dynamic timeout value to become too small and cause invalid timeouts on a RemoteServer. |
| CSCai03501 | If a NAS fails to return the State Attribute in Accounting-Requests, SessionManagement does not operate properly. |
| CSCai03579 | The RemoteServer name should be displayed with an IP address in aregcmd stats output. |
| CSCai03580 | Enhancement: aregcmd now supports the $PAGER environment variable. Currently, this is only used when presenting statistics, and it is only used in interactive mode. |
| CSCai03584 | Adding attributes in the standard attribute space with the same name as an existing vendor-specific attribute causes aregcmd to fail. |
| CSCai03719 | Enhancement: "Static" IP Addresses (from Profiles or Proxies) are now visible in Session data. See "Session Notes" feature for more information. |
| CSCai03789 | Incorrect error message displayed when NULL (zero) is passed as a string value to any of the REX API put functions. |
| CSCai03800 | Cisco Access Registrar crashes when a Client is configured with type Proxy, and a request either contains a NAS-Identifier attribute that matches that Client's name, or the request contains a NAS-IP-Address attribute with that Client's IP address. |
| CSCai03814 | Cisco Access Registrar should identify the name and IP address of a RemoteServer in any failure log message. |
| CSCai04088 | Iterating through Vendor-Specific attributes with a REX or TCL script/service may find the wrong attributes in the Request/Response dictionary. |
| CSCai04101 | After initially installing the product, if the examples are installed, aregcmd may ask the admin to save (upon exit) even if no changes were made. |
| CSCdk83312 | Trailing NULL characters included at the end of passwords returned from LDAP may cause PAP/CHAP authentication to fail. |
| CSCdk86146 | Out of sequence Accounting "Start" requests can create orphaned sessions, possibly leaking dynamic resources. (See "Session Creation" for solution details). |
Table 5 describes the known bugs in the 1.3 Cisco Access Registrar release.
| Bug Number | Description |
|---|---|
| CSCai02130 | When accounting files are rolled, they are renamed to a file that includes the date range of the entries inside. Unfortunately, the creation and modification times of the file are in UTC, while the time stamp on each accounting record is in local time. Thus, there is a time skew between the times used for the name of the rolled accounting file and the time stamp for the first and last record in the file. |
| CSCai02242 | Cisco Access Registrar displays the message, "Database lock attempt failed" if you stop the server while it is still in the process of starting. If this occurs, you will not lose any data. |
| CSCai02273 | Validation succeeds when multiple administrators enter the same user in the UserList. Instead of reporting a conflict, both administrators will be modifying the same user records. |
| CSCai02319 | Validation doesn't check whether a deleted RemoteServer or a deleted ResourceManager is referred to by a Service or a SessionManager, respectively. |
| CSCai02320 | After a save, the aregcmd command displays the value of a new Networks range in an IPX-dynamic ResourceManager in decimal. To restore the display, log in to the cluster again. |
| CSCai02432 | Cisco Access Registrar does not check the Response-Type which may be set by a Script immediately after running the Server, or Vendor Scripts. It is checked after the Client Script point. |
| CSCdk82488 | aregcmd will let the administrator add a VSA with the same name as an existing standard attribute, or a VSA for another vendor. |
| CSCai02946 | Requests authenticated with a TACACS service do not get reflected in the Cisco Access Registrar server statistics. |
This section provides information that was missing from the 1.3 Cisco Access Registrar documentation.
When a Cisco Access Registrar RADIUS server acts as a forwarding server and proxies requests to one or more remote RADIUS servers, Accounting-On and Accounting-Off requests are proxied to the remote servers only when the request comes directly from a NAS.
Note: Cisco Access Registrar does not forward Accounting-On or Accounting-Off requests that arrive from a proxy. Therefore, if you have a chain of forwarding servers, the Accounting-On or Accounting-Off request will not be forwarded for more than one hop.
When Cisco Access Registrar is unable to write accounting records to disk, this information may be lost. Cisco Access Registrar continues to run, but it does not acknowledge accounting requests. After you have made disk space available, you must reload Cisco Access Registrar to cause the Accounting Services to resume writing to disk.
Note: Because Cisco Access Registrar does not buffer the requests it could not write to disk, this information is lost unless the client (NAS or proxy) resends the accounting requests. Fortunately, most NASs retry accounting requests until they are acknowledged.
Some versions of USR NASs do not generate correct signatures for accounting requests. When an accounting request packet has an incorrect signature, Cisco Access Registrar drops the packet. A workaround for this problem is to set the Vendor of the client to be USR-IgnoreAccountingSignatures. This causes Cisco Access Registrar to not attempt to verify that the signature is correct.
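What the signature check described above involves, as an added example rather than Cisco Access Registrar code: it assumes the "signature" is the standard RADIUS accounting Request Authenticator, an MD5 digest over the packet and the shared secret. The secret, attribute values, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS code for Accounting-Request


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def accounting_authenticator(packet: bytes, secret: bytes) -> bytes:
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    return hashlib.md5(packet[:4] + b"\x00" * 16 + packet[20:] + secret).digest()


def build_accounting_request(identifier: int, attributes: bytes, secret: bytes) -> bytes:
    """Build a correctly signed request; used here only to make sample input."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attributes))
    unsigned = header + b"\x00" * 16 + attributes
    return header + accounting_authenticator(unsigned, secret) + attributes


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """True only for a well-formed Accounting-Request whose authenticator matches."""
    if len(packet) < 20:
        return False
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return False
    packet = packet[:length]  # octets beyond the Length field are padding
    expected = accounting_authenticator(packet, secret)
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample data (not from the release notes).
SECRET = b"example-shared-secret"
ATTRS = (attr(40, struct.pack("!I", 1))        # Acct-Status-Type = Start
         + attr(4, bytes([192, 0, 2, 10]))     # NAS-IP-Address = 192.0.2.10
         + attr(44, b"0000002A"))              # Acct-Session-Id
GOOD = build_accounting_request(7, ATTRS, SECRET)
TAMPERED = GOOD[:-1] + b"B"                     # one attribute octet changed
ZEROED = GOOD[:4] + b"\x00" * 16 + GOOD[20:]    # authenticator never computed

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("tampered", TAMPERED), ("zeroed", ZEROED)):
        print(name, verify_accounting_request(pkt, SECRET))
```

With the USR-IgnoreAccountingSignatures vendor setting this comparison is skipped for that client, so packets like the tampered and zeroed samples would no longer be dropped on signature grounds.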
This section lists the components of the Cisco Access Registrar 1.3 product:
1. Cisco Access Registrar 1.3 product CD
2. Release Notes for Cisco Access Registrar, Release 1.3 (this document, part number 78-7189-01)
3. Cisco Access Registrar Getting Started Guide (part number 78-6600-01)
4. Cisco Access Registrar User Guide (part number 78-6601-01)
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Thu Aug 19 08:06:34 PDT 1999
Copyright © 1989-1999 Cisco Systems Inc.