SecureClient and RSA Radius and Generic User

[WALLE]

Hi
We use SecureID VPN and RSA Radius authentication through SecureID for our company users.
The users are not registred in SmartDashboard but hits the "Generic" user when they authenticate. The "Generic" user is member of the "SecurID users" group (for RSA authentication) wich is member of the "OfficeMode users" group (for Office mode IPadresses). This means i dont have to register every user in smart dashboard.
So far so good.

But...RSA Radius does not separate upper/lower case !!

An external(consultant) is registred in "users" in smart dashboard. Uses RSA for authentication through RSA Radius.
When this user authenticates, everything is fine as long as he writes his username right.
If he uses lower-case instead of uppercase and vice versa in his username, the RSAauthentication will accept his RSA Token but will NOT hit the registred user in smart dashboard (RSA Radius does not separate upper/lower case), and go for the generic user. He will then get the same rights as the company users.

Is there a way to fix this?
I guess the external user needs to be in the "SecurID users" to enable Rsa Authentication.
Is it possible to assign the external user an ip adress other than OfficeMode ip ?
Other ideas?

Regards
// Walle

[chillyjim]

That's a good one...

Is that also true if you use the native SDI authentication in the SmartCenter and not RADIUS? the ACE server's radius is really a joke.

As for IP address you can look at $FWDIR/conf/ipassignments.conf on the gateway. There you can assign an ipaddress directly to the user.

[michtan]

Hi WALLE,
My CP is hitting the exact problems as you described. Were you able to get the solution?

This fw is on a resilience hardware. I have another staging setup where CP was installed on a Windows 2003 server where eveything (fw ver, HFA, cofiguration, etc.) is the same but is not exhibiting the same behaviour.

Please let me know if you have a workaround. Thanks.