Migration from Authentication Manager 7.1 SP4 to 8.1 SP1 migrates RADIUS Client associated agents but not the RADIUS clients
Originally Published: 2014-11-07
Article Number
Applies To
RSA Product/Service Type: SecurID Appliance
RSA Version/Condition: AM 8.1
Platform: Linux
Platform (Other): Steel belted standalone RADIUS on Solaris appliance
O/S Version: Other platforms, see notes
Product Name: RSA-0010810
Product Description: RSA-0010810
Issue
Tasks
2. Migrate the 'fake' AM 6.1 package
Resolution
we compared the 2 and the header and footers were different. We compared the data and it was similar. we took the Enterprise XML and put the headers
and footers from my dump into the file. removed the extra radius client data that was not in my dump. We took the xml file and zipped it. The changed the
file name from.zip to .xml. Ran the radius import utility on the AM 8.1 Operations console. all the clients were imported.
=================
example
1) rename the two xml files to radiusClients.xml and radiusProfiles.xml
2) edit each XML with wordpad or notepad and change the headers
a) for the radiusClient XML make sure it starts like this
<?xml version = "1.0"?><radiusClients>
<radiusClient id="05310-corp-(this line is my first client entry, your line here will be your first client)
---snipped the rest of the client data---
make sure it ends like this
</radiusClient>
</radiusClients>
b) for the radiusProfiles xml
start and end like this
<?xml version = "1.0"?><authenticationProfiles>
<authenticationProfile id="
and ends like this
</authenticationProfile>
</authenticationProfiles>
c) sample xmls from actual 6.1 migration
to help you set up your own headers and trailers
radiusClients.xml
?xml version = "1.0"?><radiusClients>
<radiusClient id="05310-corp-BACKUP " description="" encryptedAccountingSharedSecret="" cleartextAccountingSharedSecret="" ipAddress="" ipAddressPool="" ipV6Address="" secondsForKeepalive="0" deviceModel="Netscreen Technologies" encryptedAuthenticationSharedSecret="233c07cf c924beac bf4a5e92 9e559993 4d51ffb4 a045d0c5 cc273ff1 f230eae0 4d51ffb4 a045d0c5 cc273ff1 f230eae0 4d51ffb4 a045d0c5 cc273ff1 f230eae0 4d51ffb4 a045d0c5 cc273ff1 f230eae0 4d51ffb4 a045d0c5 cc273ff1 f230eae0 4d51ffb4 a045d0c5 cc273ff1 f230eae0 4d51ffb4 a045d0c5 cc273ff1 f230eae0 4d51ffb4" cleartextAuthenticationSharedSecret="">
</radiusClient>
<radiusClient id="05315-corp-BACKUP" description="" encryptedAccountingSharedSecret="" cleartextAccountingSharedSecret="" ipAddress="192.168.70.58" ipAddressPool="" ipV6Address="" secondsForKeepalive="0" deviceModel="Netscreen Technologies" encryptedAuthenticationSharedSecret="1e5eb03c 35808f7c 3d593bf3 6282a41c abef279f 5ce1e115 4e345a90 0ee7d76f abef279f 5ce1e115 4e345a90 0ee7d76f abef279f 5ce1e115 4e345a90 0ee7d76f abef279f 5ce1e115 4e345a90 0ee7d76f abef279f 5ce1e115 4e345a90 0ee7d76f abef279f 5ce1e115 4e345a90 0ee7d76f abef279f 5ce1e115 4e345a90 0ee7d76f abef279f" cleartextAuthenticationSharedSecret="">
</radiusClient>
<radiusClient id="10E00-corp-BACKUP" description="" encryptedAccountingSharedSecret="" cleartextAccountingSharedSecret="" ipAddress="" ipAddressPool="" ipV6Address="" secondsForKeepalive="0" deviceModel="Netscreen Technologies" encryptedAuthenticationSharedSecret="981c0dcf 0be9b34c 8dfedeba 8432bd42 183164a0 6288dd25 fe93bfd9 e857ce31 183164a0 6288dd25 fe93bfd9 e857ce31 183164a0 6288dd25 fe93bfd9 e857ce31 183164a0 6288dd25 fe93bfd9 e857ce31 183164a0 6288dd25 fe93bfd9 e857ce31 183164a0 6288dd25 fe93bfd9 e857ce31 183164a0 6288dd25 fe93bfd9 e857ce31 183164a0" cleartextAuthenticationSharedSecret="">
</radiusClient>
<radiusClient id="10K00-corp-BACKUP " description="" encryptedAccountingSharedSecret="" cleartextAccountingSharedSecret="" ipAddress="" ipAddressPool="" ipV6Address="" secondsForKeepalive="0" deviceModel="Netscreen Technologies" encryptedAuthenticationSharedSecret="7ee10dcf b115f605 77856e59 050d5d47 f4be1e26 d874986c 04e80f3a 69682e34 f4be1e26 d874986c 04e80f3a 69682e34 f4be1e26 d874986c 04e80f3a 69682e34 f4be1e26 d874986c 04e80f3a 69682e34 f4be1e26 d874986c 04e80f3a 69682e34 f4be1e26 d874986c 04e80f3a 69682e34 f4be1e26 d874986c 04e80f3a 69682e34 f4be1e26" cleartextAuthenticationSharedSecret="">
</radiusClient>
</radiusClients>
radiusProfiles.xml
<?xml version = "1.0"?><authenticationProfiles>
<authenticationProfile id="FIREWALL ADMIN (READ)" description="Administrative profile for Juniper Firewall (Read Only)">
<checkListAttributes>
</checkListAttributes>
<returnListAttributes>
<attribute name="NS-Admin-Privilege" type="int4" namedAttributeValue="READ_ONLY" multivalued="false" order="0" echo="false" value="4" /></returnListAttributes>
</authenticationProfile>
<authenticationProfile id="FIREWALL ADMIN (READ/WRITE)" description="Administrative profile for Juniper Firewall (Read and Write)">
<checkListAttributes>
</checkListAttributes>
<returnListAttributes>
<attribute name="NS-Admin-Privilege" type="int4" namedAttributeValue="READ_WRITE" multivalued="false" order="0" echo="false" value="2" /></returnListAttributes>
</authenticationProfile>
</authenticationProfiles>
3) Build a new directory path similar to this so it can be zipped up with the path included
\Program Files\RSA Security\RSA Authentication Manager\prog\radius\admin\1287286258504
place the XML files in directory 1287286258504
Now zip up the entire path including the two xmls,
(so when they extract they would lay out this path and the 2 xml's)
so you end up with this (this is a screenshot of winzip)
4) Finally, rename the zip file to
radiusMigration_1287286258565.pkg
5) try to import this to the 8.1 operations console, deployment config, migration from 6.1, radius
Notes
zips them up and changes the .zip extension to .pkg
In Enterprise SBR you can dump the clients and profiles individually. by massaging the xml file as per my resolution. you do the same thing, zip up the xml files.
and change the extension to .pkg
Related Articles
RSA & ID Dataweb - Identity Verification Number of Views Creating agent shows as RADIUS client agent in authentication agents. Number of Views RADIUS Server configuration warning in RSA Authentication Manager 8.1 SP1 Number of Views Disable the display of user information thumbnail when the screen is locked in RSA Authentication Agent 7.x for Windows Number of Views Configuring a restricted agent associated to a RADIUS client to control user access with RSA Authentication Manager 8.x. Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
