authReportBadSharedSecret.ini File

 

The authReportBadSharedSecret.ini initialization file specifies options for the invalid shared secret report, which is an ASCII comma-delimited file that records information about requests received from known RADIUS clients that used an invalid shared secret. This condition is only detectable if the authentication request contained a Message-Authenticator attribute, which is required if credentials are of an EAP type but optional if credentials are PAP, CHAP, or MS-CHAP v2. (In the case of PAP, an invalid shared secret is not detected, but results in an Access-Reject response because the user password is decrypted into incorrect characters.)

If the MaxMinutesPerFile parameter is set to 0, the file name of the bad shared secret report is badSharedSecret_yyyymmdd.csv (where yyyymmdd identifies the date the report was generated). If the MaxMinutesPerFile parameter is set to a value greater than 0, the file name of the report is badSharedSecret_yyyymmdd_hhmm.csv (where yyyymmdd identifies the date and hhmm identifies the time the report was generated).

[Attributes] Section

The [Attributes] section of authReportBadSharedSecret.ini lists the attributes logged in the invalid shared secret report.

You can configure what is logged to the invalid shared secret report by entering attributes in the [Attributes] section in the sequence you want them to appear. This lets you design the content and column order of any spreadsheets that you plan to create based upon the silent discard/bad shared secret report.

The syntax of the [Attributes] section is:

For example:

The [Attributes] section lists one AttributeName on each line. You must ensure that an equal sign (=) immediately follows each AttributeName, with no spaces in between. Improperly formatted entries are ignored.

Each AttributeName in the [Attributes] section must be defined in a standard RADIUS dictionary file (.dct file), a subattribute dictionary file (.jdict file), or a vendor-specific dictionary file (.dct file) installed on the Steel-Belted Radius Carrier server.

Note

The first three attributes in each invalid shared secret report entry (Date, Time, and RADIUSClient) are always enabled, and cannot be reordered or deleted. Therefore, these attributes do not appear in the [Attributes] section of the authReportBadSharedSecret.ini file.
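
The following Python sketch is an added example, not part of the product or its documentation. It counts report entries per RADIUS client so that a client whose shared secret is out of sync stands out, using only what this page guarantees: the two file-name forms and the fixed first three columns. The function names, the threshold, the sample rows and the header-row check are assumptions made for illustration.

```python
import csv
import io
import re
from collections import Counter

# Both file-name forms: daily, or timed when MaxMinutesPerFile > 0.
NAME_RE = re.compile(r"badSharedSecret_(\d{8})(?:_(\d{4}))?\.csv")

def parse_report_name(name):
    """Return (yyyymmdd, hhmm or None), or None if name is not a report file."""
    m = NAME_RE.fullmatch(name)
    return (m.group(1), m.group(2)) if m else None

def count_by_client(csv_text):
    """Count report entries per RADIUSClient, which is always the third column."""
    counts = Counter()
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 3:                       # blank or truncated line
            continue
        client = row[2].strip()
        if client != "RADIUSClient":           # skip a header row, if one is written
            counts[client] += 1
    return counts

def noisy_clients(reports, threshold):
    """reports maps file name -> CSV text; return clients with >= threshold entries."""
    total = Counter()
    for name, text in reports.items():
        if parse_report_name(name) is not None:   # ignore unrelated files
            total += count_by_client(text)
    return {client: n for client, n in total.items() if n >= threshold}

# Constructed sample data: client names, date/time formats and the fourth
# column (User-Name) are assumptions, not taken from a real report.
SAMPLE = {
    "badSharedSecret_20240105.csv":
        '"01/05/2024","10:00:01","NAS-EAST","alice"\n'
        '"01/05/2024","10:00:07","NAS-EAST","bob"\n'
        '"01/05/2024","10:02:30","NAS-WEST","carol"\n',
    "badSharedSecret_20240105_1015.csv":       # written with the Quote* settings at 0
        "01/05/2024,10:15:02,NAS-EAST,dave\n",
    "notes.txt": "not a report\n",
}

if __name__ == "__main__":
    print(noisy_clients(SAMPLE, threshold=3))
```

Because Python's csv reader accepts both quoted and unquoted fields, the same code works whichever values the Quote* settings use.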

[Settings] Section

The [Settings] section of authReportBadSharedSecret.ini specifies the operational characteristics of the invalid shared secret report. Sample syntax is:

Table 48: authReportBadSharedSecret.ini [Settings] Syntax

Parameter

Function

BufferSize

The size of the buffer used in the logging process, in bytes.

Default value is 131072.

DaysToKeep

Specifies the number of days the Steel-Belted Radius Carrier server retains each invalid shared secret report.

Default value is 1 (one day).

LineSize

The maximum size of a single log line. The allowable range is 1024 to 32768.

Default value is 4096.

Note: Logging will fail if this value is exceeded.

LogFilePermissions

Specifies the owner and access permission setting for the invalid shared secret report (badSharedSecret_yyyymmdd.csv) file.

Enter a value for the LogFilePermissions setting in owner:group permissions format, where:

  • owner specifies the owner of the file in text or numeric format.

  • group specifies the group setting for the file in text or numeric format.

  • permissions specifies what privileges can be exercised by Owner/Group/Other with respect to the file in text or numeric format.

For example, user:1007 rw-r----- specifies that the file owner (user) can read and edit the log file, members of group 1007 can read (but not edit) the log file, and that other users cannot access the log file.

MaxMinutesPerFile

Specifies how often the current report is closed and a new file opened.

  • If set to n (where n is a number greater than 0), a new report file is generated every n minutes.

  • If set to 0, a new report file is generated once every 24 hours, at midnight local time.

Default value is 0.

Note: The value entered for MaxMinutesPerFile determines the file name of the generated report.

QuoteBinary

  • If set to 1, binary values written to the report are enclosed in quotes.

  • If set to 0, quotes are not used.

Set this value according to the format expected by the application that processes the entries.

Default value is 1.

QuoteInteger

  • If set to 1, integer values written to the report are enclosed in quotes.

  • If set to 0, quotes are not used.

Set this value according to the format expected by the application that processes the entries.

Default value is 1.

QuoteIPAddress

  • If set to 1, IP addresses written to the report are enclosed in quotes.

  • If set to 0, quotes are not used.

Set this value according to the format expected by the application that processes the entries.

Default value is 1.

QuoteText

  • If set to 1, text strings written to the report are enclosed in quotes.

  • If set to 0, quotes are not used.

Set this value according to the format expected by the application that processes the entries.

Default value is 1.

QuoteTime

  • If set to 1, time and date values written to the report are enclosed in quotes.

  • If set to 0, quotes are not used.

Set this value according to the format expected by the application that processes the entries.

Default value is 1.

UTC

  • If set to 1, time and date values are provided according to UTC (GMT).

  • If set to 0, time and date values reflect local time.

Default value is 0.
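
Because improperly formatted [Attributes] entries are ignored without an error, a pre-deployment check of the file is useful. The Python linter below is an added example, not a Juniper tool. It flags attribute lines that lack an immediate equal sign, listed attributes that are always logged, a LineSize outside 1024 to 32768, flag settings that are not 0 or 1, and a LogFilePermissions value that grants access to other users. Treating ";" as a comment marker, the function names, and the sample file contents are assumptions.

```python
import re

RESERVED = {"Date", "Time", "RADIUSClient"}      # always logged, never listed
FLAGS = {"QuoteBinary", "QuoteInteger", "QuoteIPAddress", "QuoteText", "QuoteTime", "UTC"}

def other_has_access(perms):
    """True if 'other' has any right, in text (rw-r-----) or numeric (640) form."""
    return perms[-1] != "0" if perms.isdigit() else perms[-3:] != "---"

def check_setting(key, value):
    """Return a finding string for one [Settings] entry, or None if it looks fine."""
    if key == "LineSize" and not (value.isdigit() and 1024 <= int(value) <= 32768):
        return "LineSize must be between 1024 and 32768"
    if key in FLAGS and value not in ("0", "1"):
        return f"{key} must be 0 or 1"
    if key == "LogFilePermissions":
        m = re.fullmatch(r"\S+:\S+\s+(\S+)", value)
        if not m:
            return "LogFilePermissions must be 'owner:group permissions'"
        if other_has_access(m.group(1)):
            return "report file is accessible to users outside owner/group"
    return None

def lint(ini_text):
    """Return (line_number, message) findings for authReportBadSharedSecret.ini text."""
    findings, section = [], None
    for no, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):     # ';' comment lines: an assumption
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Attributes":
            m = re.match(r"([^\s=]+)=", line)    # name immediately followed by '='
            if not m:
                findings.append((no, "malformed attribute entry; it will be ignored"))
            elif m.group(1) in RESERVED:
                findings.append((no, f"{m.group(1)} is always logged; remove it"))
        elif section == "Settings":
            msg = check_setting(*(p.strip() for p in line.partition("=")[::2]))
            if msg:
                findings.append((no, msg))
    return findings

# Constructed sample file; attribute names and values are illustrative only.
SAMPLE = ("[Attributes]\nUser-Name=\nNAS-IP-Address =\nTime=\n"
          "[Settings]\nLineSize=512\nLogFilePermissions=radius:1007 rw-r--r--\nUTC=1\n")
```

Running lint(SAMPLE) reports lines 3, 4, 6 and 7 of the constructed file.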