Update Dictionaries

By default, the AAA Server provides standard RADIUS and TACACS+ dictionaries that apply to all common configurations. You can specify particular attributes to be used with the AAA Server in order to achieve full functionality from your NAS.

All dictionaries are text files stored in a directory. For example:
x:\Program Files\ActivIdentity\AAA\dico

  • Files with .rad extensions are RADIUS dictionaries.
  • Files with .tac extensions are TACACS+ dictionaries.

Take the following steps to edit these dictionaries using a common text editor (for example, Notepad or WordPad).

  1. To preserve the default/original dictionary files, save the default dictionary with a different name.
  2. Edit the dictionary file as needed using a text editor.

    The name that follows the ATTRIBUTE keyword is customizable. It should correspond to the attribute name used by the NAS vendor.

    For example, the attributes for a Netscreen device could be entered as illustrated below.

    ATTRIBUTE Framed-IPX-Network  23 ipaddr
    ATTRIBUTE Challenge-State     24 string
    ATTRIBUTE Class               25 string
    ATTRIBUTE NS-Admin-Privilege  26 [vid=3224 vty=1 vat=integer]
    ATTRIBUTE NS-VSYS-Name        26 [vid=3224 vty=2 vat=string]
    ATTRIBUTE NS-User-Group       26 [vid=3224 vty=3 vat=string]
    ATTRIBUTE Session-Timeout     27 integer
    ATTRIBUTE Idle-Timeout        28 integer

    where:

    • vid is the vendor ID.
    • vty is the vendor type.
    • vat is the vendor attribute type.

    See the NAS vendor's documentation for complete attribute lists and values.

  3. Restart the AAA Server Administration Console to re-read the files.

    Once the changes have been applied, the customized items appear in the dictionary list, as illustrated in the following example.

    Note: For AAA Server on both Windows and Solaris, the customized dictionary file must be copied to each AAA Server. It must also be updated/copied in the Dico directory under the AAA Server installation directory on all of the machines hosting the AAA Server Administration Console.

  4. In the Dictionary Attributes section of the dialog box, select the attribute(s) now available in the list.
  5. Click the arrow to assign it to the Check Before or Send After sections.
  6. Assign a value or parameter to the entry, then assign that authorization profile to a user group.
  7. Save the changes and export the data to the server. See Export Data to the AAA Server(s).
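
A pre-deployment check for the dictionary edited in step 2, run before the file is copied to each AAA Server. This is an added example, not part of the product or its documentation. The line grammar is inferred only from the sample lines on this page, the function name lint_dictionary is hypothetical, and the rule that a vendor block belongs on attribute code 26 comes from RADIUS (RFC 2865, Vendor-Specific).

```python
import re

# Grammar inferred from the sample lines on this page only (an assumption):
#   ATTRIBUTE <name> <code> <type>
#   ATTRIBUTE <name> 26 [vid=<n> vty=<n> vat=<type>]
LINE_RE = re.compile(
    r"^ATTRIBUTE\s+(?P<name>\S+)\s+(?P<code>\d+)\s+"
    r"(?:\[vid=(?P<vid>\d+)\s+vty=(?P<vty>\d+)\s+vat=(?P<vat>\w+)\]|(?P<type>\w+))\s*$"
)

# Constructed sample: some of the page's Netscreen lines plus two deliberate mistakes.
SAMPLE = """\
ATTRIBUTE Class 25 string
ATTRIBUTE NS-Admin-Privilege 26 [vid=3224 vty=1 vat=integer]
ATTRIBUTE NS-VSYS-Name 26 [vid=3224 vty=2 vat=string]
ATTRIBUTE NS-User-Group 26 [vid=3224 vty=2 vat=string]
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Idle-Timeout 28 [vid=3224 vty=4 vat=integer]
"""

def lint_dictionary(text):
    """Return (attributes, problems) for the ATTRIBUTE lines of a dictionary file."""
    attrs, problems, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("ATTRIBUTE"):
            continue  # other line kinds are not described on the page; skipped
        m = LINE_RE.match(line)
        if not m:
            problems.append((lineno, "malformed ATTRIBUTE line"))
            continue
        code, vendor = int(m["code"]), m["vid"] is not None
        if vendor and code != 26:  # Vendor-Specific is RADIUS attribute 26
            problems.append((lineno, "vendor block on a code other than 26"))
            continue
        key = (int(m["vid"]), int(m["vty"])) if vendor else (None, code)
        if key in seen:  # same code, or same vid/vty pair, defined twice
            problems.append((lineno, f"duplicates {seen[key]}"))
            continue
        seen[key] = m["name"]
        attrs.append({"name": m["name"], "code": code,
                      "vendor": key if vendor else None, "type": m["vat"] or m["type"]})
    return attrs, problems

if __name__ == "__main__":
    for lineno, msg in lint_dictionary(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```

A duplicate vid/vty pair, as on line 4 of the sample, is worth catching because two attribute names would then refer to the same vendor attribute in an authorization profile.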