Security

Reply
MVP
Posts: 371
Registered: ‎01-14-2010

Error when referencing a new value in an existing Clearpass dictionary

I was trying to get an advanced feature, the equivalent of downloadable ACLs, to work on a Juniper switch and I ran into an issue. I had to add a string to the Juniper dictionary in ID #48. I exported the Juniper dictionary, made the change, and then re-imported the dictionary - without an error. I then tried to reference the new string in an enforcement profile and it threw the following error in the logs from Access Tracker:

 

2013-12-10 16:43:01,211[RequestHandler-1-0x7fc3e4761700 h=857

c=R00000026-01-52a78ae5] ERROR Common.RadiusDictTable - No Attribute for

VendorId = 2636, AttrId = 482013-12-10

16:43:01,211[RequestHandler-1-0x7fc3e4761700 h=857

c=R00000026-01-52a78ae5] ERROR Common.RadiusVendorAttrMap - Invalid

attribute Id=48 Vendor=Juniper2013-12-10

16:43:01,211[RequestHandler-1-0x7fc3e4761700 h=857

c=R00000026-01-52a78ae5] ERROR Common.BaseRadiusEnfProfileCacheObj -

Failed to insert Vendor=Juniper attrId=48 Value=match destination-ip

8.8.8.8/32 action deny

 

I hadn't come across an error like this before, and wasn't sure how to proceed. My next step may be to create a brand new dictionary from scratch, with only this value, and then see what happens.

 

Any help would defintitely be appreciated - thanks!

 

-Mike

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Error when referencing a new value in an existing Clearpass dictionary

Mike,

It looks like a mapping error on the dictionary and I havent seen that issue before can you open a TAC case and let them dig into it?
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor I
Posts: 9
Registered: ‎04-16-2007

Re: Error when referencing a new value in an existing Clearpass dictionary

Hi Mike,

 

I know this is an old question, but I had exactly the same problem.  For anyone else out there, you need to restart the RADIUS service on Clearpass in order for it to reload all of the dictionary attributes - even though they already show up in the GUI for your Authorization profiles.

 

Cheers,

 

Ben

Search Airheads
Showing results for 
Search instead for 
Did you mean: