Unable to create RADIUS profiles via the RSA Authentication Manager Security Console
2 years ago
Originally Published: 2018-06-27
Article Number
000042126
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1.15.0 or later
Issue
The following warning message appears in the Security Console when following the procedure to add a RADIUS profile:

You need accurately configure a RADIUS server before you can view or edit any RADIUS clients or Profiles.

User-added image

When configured for verbose logging, the Authentication Manager imsTrace.log file located in /opt/rsa/am/server/logs reports the following: 
<returnList>
</returnList>
Whereas, it is expected that the following is reported in the /opt/rsa/am/server/logs/imsTrace.log: 
<returnList>
<attribute id = 'Service-Type' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'Login' value = '1'>
</namedAttribute>
<namedAttribute name = 'Framed' value = '2'>
</namedAttribute>
<namedAttribute name = 'Callback-Login' value = '3'>
</namedAttribute>
<namedAttribute name = 'Callback-Framed' value = '4'>
</namedAttribute>
<namedAttribute name = 'Outbound' value = '5'>
</namedAttribute>
<namedAttribute name = 'Administrative' value = '6'>
</namedAttribute>
<namedAttribute name = 'NAS-Prompt' value = '7'>
</namedAttribute>
<namedAttribute name = 'Authenticate-Only' value = '8'>
</namedAttribute>
<namedAttribute name = 'Callback-NAS-Prompt' value = '9'>
</namedAttribute>
<namedAttribute name = 'Call-Check' value = '10'>
</namedAttribute>
<namedAttribute name = 'Callback-Administrative' value = '11'>
</namedAttribute>
<namedAttribute name = 'MoIP' value = '95'>
</namedAttribute>
<namedAttribute name = 'Application-Fax' value = '96'>
</namedAttribute>
<namedAttribute name = 'DATA' value = '97'>
</namedAttribute>
<namedAttribute name = 'FoIP' value = '98'>
</namedAttribute>
<namedAttribute name = 'VoIP' value = '99'>
</namedAttribute>
<namedAttribute name = 'Annex-Authorize-Only' value = '103809025'>
</namedAttribute>
</attribute>
<attribute id = 'Framed-Protocol' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'PPP' value = '1'>
</namedAttribute>
<namedAttribute name = 'SLIP' value = '2'>
</namedAttribute>
<namedAttribute name = 'PPTP' value = '3'>
</namedAttribute>
<namedAttribute name = 'ARAP' value = '3'>
</namedAttribute>
<namedAttribute name = 'Gandalf-proprietary...' value = '4'>
</namedAttribute>
<namedAttribute name = 'Xylogics-proprietary-IPX/SLIP' value = '5'>
</namedAttribute>
<namedAttribute name = 'X.75-Synchronous' value = '6'>
</namedAttribute>
<namedAttribute name = 'Ascend-ARA' value = '255'>
</namedAttribute>
<namedAttribute name = 'MPP' value = '256'>
</namedAttribute>
<namedAttribute name = 'EURAW' value = '257'>
</namedAttribute>
<namedAttribute name = 'EUUI' value = '258'>
</namedAttribute>
<namedAttribute name = 'X25' value = '259'>
</namedAttribute>
<namedAttribute name = 'COMB' value = '260'>
</namedAttribute>
<namedAttribute name = 'FR' value = '261'>
</namedAttribute>
<namedAttribute name = 'MP' value = '262'>
</namedAttribute>
<namedAttribute name = 'FR-CIR' value = '263'>
</namedAttribute>
<namedAttribute name = 'ATM-1483' value = '264'>
</namedAttribute>
<namedAttribute name = 'ATM-FR-CIR' value = '265'>
</namedAttribute>
<namedAttribute name = 'X25-PPP' value = '17825795'>
</namedAttribute>
<namedAttribute name = 'IP-LAPB' value = '17825796'>
</namedAttribute>
<namedAttribute name = 'IP-HDLC' value = '17825798'>
</namedAttribute>
<namedAttribute name = 'MPR-LAPB' value = '17825799'>
</namedAttribute>
<namedAttribute name = 'MPR-HDLC' value = '17825800'>
</namedAttribute>
<namedAttribute name = 'FRAME-RELAY' value = '17825801'>
</namedAttribute>
<namedAttribute name = 'X31-BCHAN' value = '17825802'>
</namedAttribute>
<namedAttribute name = 'X75-PPP' value = '17825803'>
</namedAttribute>
<namedAttribute name = 'X75BTX-PPP' value = '17825804'>
</namedAttribute>
<namedAttribute name = 'X25-NOSIG' value = '17825805'>
</namedAttribute>
<namedAttribute name = 'X25-PPP-OPT' value = '17825806'>
</namedAttribute>
</attribute>
<attribute id = 'Framed-IP-Address' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddressPool'>
</attribute>
<attribute id = 'Framed-IP-Netmask' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'>
</attribute>
<attribute id = 'Framed-Routing' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'None' value = '0'>
</namedAttribute>
<namedAttribute name = 'Send-routing-packets' value = '1'>
</namedAttribute>
<namedAttribute name = 'Listen-for-routing-packets' value = '2'>
</namedAttribute>
<namedAttribute name = 'Send-and-listen' value = '3'>
</namedAttribute>
</attribute>
<attribute id = 'Filter-Id' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Framed-MTU' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Framed-Compression' multivalued = 'true' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'None' value = '0'>
</namedAttribute>
<namedAttribute name = 'VJ-TCP-IP-header-compression' value = '1'>
</namedAttribute>
<namedAttribute name = 'IPX-header-compression' value = '2'>
</namedAttribute>
<namedAttribute name = 'Stac-LZS-compressions' value = '3'>
</namedAttribute>
<namedAttribute name = 'CCP' value = '256'>
</namedAttribute>
</attribute>
<attribute id = 'Login-IP-Host' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'>
</attribute>
<attribute id = 'Login-Service' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'Telnet' value = '0'>
</namedAttribute>
<namedAttribute name = 'Rlogin' value = '1'>
</namedAttribute>
<namedAttribute name = 'TCP-Clear' value = '2'>
</namedAttribute>
<namedAttribute name = 'Portmaster' value = '3'>
</namedAttribute>
<namedAttribute name = 'LAT' value = '4'>
</namedAttribute>
<namedAttribute name = 'X25-PAD' value = '5'>
</namedAttribute>
<namedAttribute name = 'X25-T3POS' value = '6'>
</namedAttribute>
<namedAttribute name = 'TCP-Clear-Quite' value = '8'>
</namedAttribute>
<namedAttribute name = 'ClearTCP-Quiet' value = '256'>
</namedAttribute>
<namedAttribute name = 'Ping' value = '1000'>
</namedAttribute>
</attribute>
<attribute id = 'Login-TCP-Port' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Reply-Message' multivalued = 'true' namedAttribute = 'false' orderable = 'true' type = 'string'>
</attribute>
<attribute id = 'Callback-Number' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Callback-Id' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Framed-Route' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Framed-IPX-Network' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipxAddressPool'>
</attribute>
<attribute id = 'Class' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Session-Timeout' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Idle-Timeout' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Termination-Action' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'Default' value = '0'>
</namedAttribute>
<namedAttribute name = 'RADIUS-Request' value = '1'>
</namedAttribute>
<namedAttribute name = 'Manage-Resources' value = '2'>
</namedAttribute>
</attribute>
<attribute id = 'Login-LAT-Service' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Login-LAT-Node' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Login-LAT-Group' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Framed-AppleTalk-Link' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Framed-AppleTalk-Network' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Framed-AppleTalk-Zone' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Port-Limit' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Login-LAT-Port' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Tunnel-Type' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'PPTP' value = '1'>
</namedAttribute>
<namedAttribute name = 'L2F' value = '2'>
</namedAttribute>
<namedAttribute name = 'L2TP' value = '3'>
</namedAttribute>
<namedAttribute name = 'ATMP' value = '4'>
</namedAttribute>
<namedAttribute name = 'VTP' value = '5'>
</namedAttribute>
<namedAttribute name = 'AH' value = '6'>
</namedAttribute>
<namedAttribute name = 'IP-IP' value = '7'>
</namedAttribute>
<namedAttribute name = 'MIN-IP-IP' value = '8'>
</namedAttribute>
<namedAttribute name = 'ESP' value = '9'>
</namedAttribute>
<namedAttribute name = 'GRE' value = '10'>
</namedAttribute>
<namedAttribute name = 'DVS' value = '11'>
</namedAttribute>
<namedAttribute name = 'IP-IP-Tunneling' value = '12'>
</namedAttribute>
<namedAttribute name = 'VLAN' value = '13'>
</namedAttribute>
</attribute>
<attribute id = 'Tunnel-Medium-Type' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'IP' value = '1'>
</namedAttribute>
<namedAttribute name = 'X.25' value = '2'>
</namedAttribute>
<namedAttribute name = 'ATM' value = '3'>
</namedAttribute>
<namedAttribute name = 'Frame-Relay' value = '4'>
</namedAttribute>
<namedAttribute name = 'BBN-1822' value = '5'>
</namedAttribute>
<namedAttribute name = '802' value = '6'>
</namedAttribute>
<namedAttribute name = 'E.163' value = '7'>
</namedAttribute>
<namedAttribute name = 'E.164' value = '8'>
</namedAttribute>
<namedAttribute name = 'F.69' value = '9'>
</namedAttribute>
<namedAttribute name = 'X.121' value = '10'>
</namedAttribute>
<namedAttribute name = 'IPX' value = '11'>
</namedAttribute>
<namedAttribute name = 'Appletalk' value = '12'>
</namedAttribute>
<namedAttribute name = 'Decnet-IV' value = '13'>
</namedAttribute>
<namedAttribute name = 'Banyan-Vines' value = '14'>
</namedAttribute>
<namedAttribute name = 'E.164-NSAP-subaddress' value = '15'>
</namedAttribute>
</attribute>
<attribute id = 'Tunnel-Client-Endpoint' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Tunnel-Server-Endpoint' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Tunnel-Password' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'ARAP-Features' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'hexadecimal'>
</attribute>
<attribute id = 'ARAP-Zone-Access' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'Access-Default-Zone' value = '1'>
</namedAttribute>
<namedAttribute name = 'Use-Zone-Filter-Inclusively' value = '2'>
</namedAttribute>
<namedAttribute name = 'Use-Zone-Filter-Exclusively' value = '4'>
</namedAttribute>
</attribute>
<attribute id = 'Password-Retry' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Prompt' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'No-Echo' value = '0'>
</namedAttribute>
<namedAttribute name = 'Echo' value = '1'>
</namedAttribute>
</attribute>
<attribute id = 'Tunnel-Private-Group-ID' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Tunnel-Assignment-ID' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Tunnel-Preference' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'ARAP-Challenge-Response' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'hexadecimal'>
</attribute>
<attribute id = 'Acct-Interim-Interval' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'Framed-Pool' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Tunnel-Client-Auth-ID' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Tunnel-Server-Auth-ID' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'MS-MPPE-Encryption-Policy' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'Encryption-Allowed' value = '1'>
</namedAttribute>
<namedAttribute name = 'Encryption-Required' value = '2'>
</namedAttribute>
</attribute>
<attribute id = 'MS-MPPE-Encryption-Type' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'hexadecimal'>
</attribute>
<attribute id = 'MS-CHAP-Domain' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'constant'>
</attribute>
<attribute id = 'MS-CHAP-MPPE-Keys' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'constant'>
</attribute>
<attribute id = 'MS-BAP-Usage' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'BAP-usage-not-allowed' value = '0'>
</namedAttribute>
<namedAttribute name = 'BAP-usage-allowed' value = '1'>
</namedAttribute>
<namedAttribute name = 'BAP-usage-required' value = '2'>
</namedAttribute>
</attribute>
<attribute id = 'MS-Link-Utilization-Threshold' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'MS-Link-Drop-Time-Limit' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'>
</attribute>
<attribute id = 'MS-MPPE-Send-Key' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'constant'>
</attribute>
<attribute id = 'MS-MPPE-Recv-Key' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'constant'>
</attribute>
<attribute id = 'MS-Filter' multivalued = 'true' namedAttribute = 'false' orderable = 'true' type = 'string'>
</attribute>
<attribute id = 'MS-CHAP2-Success' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'hexadecimal'>
</attribute>
<attribute id = 'MS-Primary-DNS-Server' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'>
</attribute>
<attribute id = 'MS-Secondary-DNS-Server' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'>
</attribute>
<attribute id = 'MS-Primary-NBNS-Server' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'>
</attribute>
<attribute id = 'MS-Secondary-NBNS-Server' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'>
</attribute>
<attribute id = 'MS-CHAP-MPPE-Types' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'Disable' value = '0'>
</namedAttribute>
<namedAttribute name = 'Auto' value = '1'>
</namedAttribute>
<namedAttribute name = '40-Bit' value = '2'>
</namedAttribute>
<namedAttribute name = '128-Bit' value = '3'>
</namedAttribute>
<namedAttribute name = 'Required' value = '4'>
</namedAttribute>
</attribute>
<attribute id = 'Funk-Full-User-Name' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Funk-Integrity-Policy-Name' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Funk-Integrity-Result' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'>
<namedAttribute name = 'ALLOW' value = '0'>
</namedAttribute>
<namedAttribute name = 'NO_ACCESS' value = '1'>
</namedAttribute>
<namedAttribute name = 'ISOLATE' value = '2'>
</namedAttribute>
<namedAttribute name = 'NO_RECOMMENDATION' value = '3'>
</namedAttribute>
</attribute>
<attribute id = 'Funk-TNC-Payload' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Framed-Interface-Id' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipV6Interface'>
</attribute>
<attribute id = 'Framed-IPv6-Prefix' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'ipV6Prefix'>
</attribute>
<attribute id = 'Login-IPv6-Host' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'ipV6Address'>
</attribute>
<attribute id = 'Framed-IPv6-Route' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'stringnz'>
</attribute>
<attribute id = 'Framed-IPv6-Pool' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'stringnz'>
</attribute>
<attribute id = 'Digest-Response-Auth' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
<attribute id = 'Digest-Nextnonce' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'>
</attribute>
</returnList>

It was found that a custom RADIUS dictionary had been inappropriately configured when reviewing the RSA RADIUS log file located in /opt/rsa/am/radius.  For example,
  
...
...
...
06/25/2018 11:03:58 Configured server IP address: 10.204.1.55
06/25/2018 11:04:00 Invalid identifier on line number 2 of dictionary fortinet.dct
06/25/2018 11:04:00 Invalid identifier on line number 4 of dictionary fortinet.dct
06/25/2018 11:04:00 Invalid type on line 8 of dictionary fortinet.dct
06/25/2018 11:04:00 Invalid identifier on line number 16 of dictionary fortinet.dct
06/25/2018 11:04:05 Successfully created and closed saved-dcts.bin
...
...
...
Cause
RSA Authentication Manager is unable to retrieve the RADIUS attributes from the RSA RADIUS server.
Resolution
Due to the nature of this technical issue, customers are advised to locate the Authentication Manager license serial number and open a case with RSA Customer Support.

NOTE: Please reference article 000036490 when you open the support ticket with RSA Customer Support.

Related Articles

Trending Articles

Don't see what you're looking for?