RADIUS server is sending return attribute from RSA Authentication Manager with a trailing value of \000
3 years ago
Originally Published: 2015-07-02
Article Number
000053679
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
The RADIUS server is sending a Vendor Specific Attribute (VSA) with a trailing value of \000 or \0x00, as seen below:
User-added image

A sample line from a Vendor Dictionary File is as follows: 
ATTRIBUTE Fortinet-Access-Profile FORTINET-VSA(6,           string) r

A packet capture from Wireshark or tcpdump shows the return as follows: 
VSA: l=12 t=Fortinet-Access-Profile(6): read_only\000
Resolution
Modify the dictionary file to change the string value from string to stringnz.  By using stringnz in this case, the attribute being returned is set not to include the null values padding the attribute. 
ATTRIBUTE Fortinet-Access-Profile FORTINET-VSA(6,           stringnz) r

Related Articles

Trending Articles

Don't see what you're looking for?