RSA RADIUS Service stopped after upgrading to AM 8.6
Originally Published: 2022-04-07
Article Number
000067885
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.5
Issue
- After upgrading to AM 8.6, the RSA RADIUS service stopped and port 1812/UDP was closed.
 
Cause
- Some of the RADIUS attributes in radius.dct were not migrated in a valid form and syntax to the new dictionary in AM 8.6: "Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary.radius-rsa-migrated_2[102]: Invalid attribute identifier: Invalid data 'string' in attribute identifier".
[Screenshot: highlighted attribute entries in dictionary.radius-rsa-migrated_2]

- The highlighted attributes above from dictionary.radius-rsa-migrated_2 show an inconsistency between ATTRIBUTES 201 to 211, 249, 250, 251 and ATTRIBUTES 252 to 254. Attributes 252, 253, and 254 have their names verified, while the attributes before 252 have no identity and are all set to string.
Resolution
1. Launch an SSH client, such as PuTTY.
2. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
3. Type the command: radiusd -X
-  A similar error should appear: "Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary.radius-rsa-migrated_2[Row_Number]: Invalid attribute identifier: Invalid data 'string' in attribute identifier".
4. Open /usr/share/freeradius/dictionary.radius-rsa-migrated_2 and remove or comment out the line at Row_Number, along with all other invalid attribute entries.
5. Using WinSCP or similar software, log in to the replica RSA Authentication Manager server.
6. Navigate to /opt/rsa/am/radius/radius.dct, copy the correct attribute entries and add them to the new dictionary of the primary at /usr/share/freeradius/dictionary.radius-rsa-migrated_2.
7. Change any inconsistent syntax, for example: "ATTRIBUTE-" to be "ATTRIBUTE"
8. Restart the RADIUS service: /opt/rsa/am/server/rsaserv restart radius
9. Retype the command radiusd -X. Output similar to the screenshots below indicates that the service is running.

[Screenshots: radiusd -X output]
10. Port 1812/UDP should be listening again. To verify, type: netstat -an | grep 1812
11. Verify the RADIUS service is up and running: /opt/rsa/am/server/rsaserv status radius
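
The following is an added example, not part of the original article or of RSA's tooling: a read-only check that lists the line numbers of malformed ATTRIBUTE entries in a dictionary file, so that every entry needing the edits in steps 4 and 7 can be found in one pass instead of one radiusd -X run per error. The function names, the sample entries, and the accepted identifier forms (decimal, 0x hex, dotted) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report ATTRIBUTE lines that do not follow the form
#   ATTRIBUTE <name> <number> <type> [flags]
# The file is only read, never modified.

check_dict() {
    # $1 = dictionary path, or "-" for standard input.
    # Prints one "line:reason:text" record per malformed entry.
    awk '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }                        # skip blank lines
        toupper($1) !~ /^ATTRIBUTE/ { next }    # ignore VALUE, VENDOR, $INCLUDE
        $1 != "ATTRIBUTE" { print NR ":bad keyword:" $0; next }
        NF < 4 { print NR ":missing field:" $0; next }
        # Assumption: identifiers are decimal, 0x hex, or dotted numbers.
        $3 !~ /^(0[xX][0-9A-Fa-f]+|[0-9]+(\.[0-9]+)*)$/ {
            print NR ":non-numeric identifier:" $0
        }
    ' "$1"
}

# Constructed sample entries, not copied from a real appliance.
sample_dict() {
    cat <<'EOF'
# constructed sample dictionary
ATTRIBUTE  Example-Attr-252  252  string
ATTRIBUTE  201  string  string
ATTRIBUTE- Example-Attr-249  249  string
ATTRIBUTE  250  string
ATTRIBUTE  Example-Attr-253  253  integer
EOF
}

# Demonstration on the constructed sample. On the appliance, call instead:
#   check_dict /usr/share/freeradius/dictionary.radius-rsa-migrated_2
sample_dict | check_dict -
```

An empty result means no entry matched these three checks; radiusd -X remains the authoritative test of whether the dictionary loads.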
 
 
Workaround
N/A
Notes
- If the same issue occurs after upgrading the replica, follow the same resolution steps. Copy the dictionary from the now functional primary and use it to replace the invalid one on the replica.
- The command radiusd -X is specific to FreeRADIUS only.