Unable to create RADIUS profiles via the RSA Authentication Manager Security Console
Originally Published: 2018-06-27
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1.15.0 or later
Issue
You need accurately configure a RADIUS server before you can view or edit any RADIUS clients or Profiles.
When configured for verbose logging, the Authentication Manager imsTrace.log file located in /opt/rsa/am/server/logs reports the following:
<returnList> </returnList>Whereas, it is expected that the following is reported in the /opt/rsa/am/server/logs/imsTrace.log:
<returnList> <attribute id = 'Service-Type' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'Login' value = '1'> </namedAttribute> <namedAttribute name = 'Framed' value = '2'> </namedAttribute> <namedAttribute name = 'Callback-Login' value = '3'> </namedAttribute> <namedAttribute name = 'Callback-Framed' value = '4'> </namedAttribute> <namedAttribute name = 'Outbound' value = '5'> </namedAttribute> <namedAttribute name = 'Administrative' value = '6'> </namedAttribute> <namedAttribute name = 'NAS-Prompt' value = '7'> </namedAttribute> <namedAttribute name = 'Authenticate-Only' value = '8'> </namedAttribute> <namedAttribute name = 'Callback-NAS-Prompt' value = '9'> </namedAttribute> <namedAttribute name = 'Call-Check' value = '10'> </namedAttribute> <namedAttribute name = 'Callback-Administrative' value = '11'> </namedAttribute> <namedAttribute name = 'MoIP' value = '95'> </namedAttribute> <namedAttribute name = 'Application-Fax' value = '96'> </namedAttribute> <namedAttribute name = 'DATA' value = '97'> </namedAttribute> <namedAttribute name = 'FoIP' value = '98'> </namedAttribute> <namedAttribute name = 'VoIP' value = '99'> </namedAttribute> <namedAttribute name = 'Annex-Authorize-Only' value = '103809025'> </namedAttribute> </attribute> <attribute id = 'Framed-Protocol' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'PPP' value = '1'> </namedAttribute> <namedAttribute name = 'SLIP' value = '2'> </namedAttribute> <namedAttribute name = 'PPTP' value = '3'> </namedAttribute> <namedAttribute name = 'ARAP' value = '3'> </namedAttribute> <namedAttribute name = 'Gandalf-proprietary...' value = '4'> </namedAttribute> <namedAttribute name = 'Xylogics-proprietary-IPX/SLIP' value = '5'> </namedAttribute> <namedAttribute name = 'X.75-Synchronous' value = '6'> </namedAttribute> <namedAttribute name = 'Ascend-ARA' value = '255'> </namedAttribute> <namedAttribute name = 'MPP' value = '256'> </namedAttribute> <namedAttribute name = 'EURAW' value = '257'> </namedAttribute> <namedAttribute name = 'EUUI' value = '258'> </namedAttribute> <namedAttribute name = 'X25' value = '259'> </namedAttribute> <namedAttribute name = 'COMB' value = '260'> </namedAttribute> <namedAttribute name = 'FR' value = '261'> </namedAttribute> <namedAttribute name = 'MP' value = '262'> </namedAttribute> <namedAttribute name = 'FR-CIR' value = '263'> </namedAttribute> <namedAttribute name = 'ATM-1483' value = '264'> </namedAttribute> <namedAttribute name = 'ATM-FR-CIR' value = '265'> </namedAttribute> <namedAttribute name = 'X25-PPP' value = '17825795'> </namedAttribute> <namedAttribute name = 'IP-LAPB' value = '17825796'> </namedAttribute> <namedAttribute name = 'IP-HDLC' value = '17825798'> </namedAttribute> <namedAttribute name = 'MPR-LAPB' value = '17825799'> </namedAttribute> <namedAttribute name = 'MPR-HDLC' value = '17825800'> </namedAttribute> <namedAttribute name = 'FRAME-RELAY' value = '17825801'> </namedAttribute> <namedAttribute name = 'X31-BCHAN' value = '17825802'> </namedAttribute> <namedAttribute name = 'X75-PPP' value = '17825803'> </namedAttribute> <namedAttribute name = 'X75BTX-PPP' value = '17825804'> </namedAttribute> <namedAttribute name = 'X25-NOSIG' value = '17825805'> </namedAttribute> <namedAttribute name = 'X25-PPP-OPT' value = '17825806'> </namedAttribute> </attribute> <attribute id = 'Framed-IP-Address' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddressPool'> </attribute> <attribute id = 'Framed-IP-Netmask' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'> </attribute> <attribute id = 'Framed-Routing' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'None' value = '0'> </namedAttribute> <namedAttribute name = 'Send-routing-packets' value = '1'> </namedAttribute> <namedAttribute name = 'Listen-for-routing-packets' value = '2'> </namedAttribute> <namedAttribute name = 'Send-and-listen' value = '3'> </namedAttribute> </attribute> <attribute id = 'Filter-Id' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Framed-MTU' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Framed-Compression' multivalued = 'true' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'None' value = '0'> </namedAttribute> <namedAttribute name = 'VJ-TCP-IP-header-compression' value = '1'> </namedAttribute> <namedAttribute name = 'IPX-header-compression' value = '2'> </namedAttribute> <namedAttribute name = 'Stac-LZS-compressions' value = '3'> </namedAttribute> <namedAttribute name = 'CCP' value = '256'> </namedAttribute> </attribute> <attribute id = 'Login-IP-Host' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'> </attribute> <attribute id = 'Login-Service' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'Telnet' value = '0'> </namedAttribute> <namedAttribute name = 'Rlogin' value = '1'> </namedAttribute> <namedAttribute name = 'TCP-Clear' value = '2'> </namedAttribute> <namedAttribute name = 'Portmaster' value = '3'> </namedAttribute> <namedAttribute name = 'LAT' value = '4'> </namedAttribute> <namedAttribute name = 'X25-PAD' value = '5'> </namedAttribute> <namedAttribute name = 'X25-T3POS' value = '6'> </namedAttribute> <namedAttribute name = 'TCP-Clear-Quite' value = '8'> </namedAttribute> <namedAttribute name = 'ClearTCP-Quiet' value = '256'> </namedAttribute> <namedAttribute name = 'Ping' value = '1000'> </namedAttribute> </attribute> <attribute id = 'Login-TCP-Port' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Reply-Message' multivalued = 'true' namedAttribute = 'false' orderable = 'true' type = 'string'> </attribute> <attribute id = 'Callback-Number' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Callback-Id' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Framed-Route' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Framed-IPX-Network' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipxAddressPool'> </attribute> <attribute id = 'Class' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Session-Timeout' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Idle-Timeout' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Termination-Action' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'Default' value = '0'> </namedAttribute> <namedAttribute name = 'RADIUS-Request' value = '1'> </namedAttribute> <namedAttribute name = 'Manage-Resources' value = '2'> </namedAttribute> </attribute> <attribute id = 'Login-LAT-Service' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Login-LAT-Node' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Login-LAT-Group' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Framed-AppleTalk-Link' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Framed-AppleTalk-Network' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Framed-AppleTalk-Zone' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Port-Limit' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Login-LAT-Port' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Tunnel-Type' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'PPTP' value = '1'> </namedAttribute> <namedAttribute name = 'L2F' value = '2'> </namedAttribute> <namedAttribute name = 'L2TP' value = '3'> </namedAttribute> <namedAttribute name = 'ATMP' value = '4'> </namedAttribute> <namedAttribute name = 'VTP' value = '5'> </namedAttribute> <namedAttribute name = 'AH' value = '6'> </namedAttribute> <namedAttribute name = 'IP-IP' value = '7'> </namedAttribute> <namedAttribute name = 'MIN-IP-IP' value = '8'> </namedAttribute> <namedAttribute name = 'ESP' value = '9'> </namedAttribute> <namedAttribute name = 'GRE' value = '10'> </namedAttribute> <namedAttribute name = 'DVS' value = '11'> </namedAttribute> <namedAttribute name = 'IP-IP-Tunneling' value = '12'> </namedAttribute> <namedAttribute name = 'VLAN' value = '13'> </namedAttribute> </attribute> <attribute id = 'Tunnel-Medium-Type' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'IP' value = '1'> </namedAttribute> <namedAttribute name = 'X.25' value = '2'> </namedAttribute> <namedAttribute name = 'ATM' value = '3'> </namedAttribute> <namedAttribute name = 'Frame-Relay' value = '4'> </namedAttribute> <namedAttribute name = 'BBN-1822' value = '5'> </namedAttribute> <namedAttribute name = '802' value = '6'> </namedAttribute> <namedAttribute name = 'E.163' value = '7'> </namedAttribute> <namedAttribute name = 'E.164' value = '8'> </namedAttribute> <namedAttribute name = 'F.69' value = '9'> </namedAttribute> <namedAttribute name = 'X.121' value = '10'> </namedAttribute> <namedAttribute name = 'IPX' value = '11'> </namedAttribute> <namedAttribute name = 'Appletalk' value = '12'> </namedAttribute> <namedAttribute name = 'Decnet-IV' value = '13'> </namedAttribute> <namedAttribute name = 'Banyan-Vines' value = '14'> </namedAttribute> <namedAttribute name = 'E.164-NSAP-subaddress' value = '15'> </namedAttribute> </attribute> <attribute id = 'Tunnel-Client-Endpoint' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Tunnel-Server-Endpoint' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Tunnel-Password' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'ARAP-Features' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'hexadecimal'> </attribute> <attribute id = 'ARAP-Zone-Access' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'Access-Default-Zone' value = '1'> </namedAttribute> <namedAttribute name = 'Use-Zone-Filter-Inclusively' value = '2'> </namedAttribute> <namedAttribute name = 'Use-Zone-Filter-Exclusively' value = '4'> </namedAttribute> </attribute> <attribute id = 'Password-Retry' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Prompt' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'No-Echo' value = '0'> </namedAttribute> <namedAttribute name = 'Echo' value = '1'> </namedAttribute> </attribute> <attribute id = 'Tunnel-Private-Group-ID' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Tunnel-Assignment-ID' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Tunnel-Preference' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'ARAP-Challenge-Response' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'hexadecimal'> </attribute> <attribute id = 'Acct-Interim-Interval' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'Framed-Pool' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Tunnel-Client-Auth-ID' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Tunnel-Server-Auth-ID' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'MS-MPPE-Encryption-Policy' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'Encryption-Allowed' value = '1'> </namedAttribute> <namedAttribute name = 'Encryption-Required' value = '2'> </namedAttribute> </attribute> <attribute id = 'MS-MPPE-Encryption-Type' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'hexadecimal'> </attribute> <attribute id = 'MS-CHAP-Domain' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'constant'> </attribute> <attribute id = 'MS-CHAP-MPPE-Keys' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'constant'> </attribute> <attribute id = 'MS-BAP-Usage' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'BAP-usage-not-allowed' value = '0'> </namedAttribute> <namedAttribute name = 'BAP-usage-allowed' value = '1'> </namedAttribute> <namedAttribute name = 'BAP-usage-required' value = '2'> </namedAttribute> </attribute> <attribute id = 'MS-Link-Utilization-Threshold' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'MS-Link-Drop-Time-Limit' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'int4'> </attribute> <attribute id = 'MS-MPPE-Send-Key' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'constant'> </attribute> <attribute id = 'MS-MPPE-Recv-Key' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'constant'> </attribute> <attribute id = 'MS-Filter' multivalued = 'true' namedAttribute = 'false' orderable = 'true' type = 'string'> </attribute> <attribute id = 'MS-CHAP2-Success' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'hexadecimal'> </attribute> <attribute id = 'MS-Primary-DNS-Server' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'> </attribute> <attribute id = 'MS-Secondary-DNS-Server' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'> </attribute> <attribute id = 'MS-Primary-NBNS-Server' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'> </attribute> <attribute id = 'MS-Secondary-NBNS-Server' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipAddress'> </attribute> <attribute id = 'MS-CHAP-MPPE-Types' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'Disable' value = '0'> </namedAttribute> <namedAttribute name = 'Auto' value = '1'> </namedAttribute> <namedAttribute name = '40-Bit' value = '2'> </namedAttribute> <namedAttribute name = '128-Bit' value = '3'> </namedAttribute> <namedAttribute name = 'Required' value = '4'> </namedAttribute> </attribute> <attribute id = 'Funk-Full-User-Name' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Funk-Integrity-Policy-Name' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Funk-Integrity-Result' multivalued = 'false' namedAttribute = 'true' orderable = 'false' type = 'int4'> <namedAttribute name = 'ALLOW' value = '0'> </namedAttribute> <namedAttribute name = 'NO_ACCESS' value = '1'> </namedAttribute> <namedAttribute name = 'ISOLATE' value = '2'> </namedAttribute> <namedAttribute name = 'NO_RECOMMENDATION' value = '3'> </namedAttribute> </attribute> <attribute id = 'Funk-TNC-Payload' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Framed-Interface-Id' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'ipV6Interface'> </attribute> <attribute id = 'Framed-IPv6-Prefix' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'ipV6Prefix'> </attribute> <attribute id = 'Login-IPv6-Host' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'ipV6Address'> </attribute> <attribute id = 'Framed-IPv6-Route' multivalued = 'true' namedAttribute = 'false' orderable = 'false' type = 'stringnz'> </attribute> <attribute id = 'Framed-IPv6-Pool' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'stringnz'> </attribute> <attribute id = 'Digest-Response-Auth' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> <attribute id = 'Digest-Nextnonce' multivalued = 'false' namedAttribute = 'false' orderable = 'false' type = 'string'> </attribute> </returnList>
It was found that a custom RADIUS dictionary had been inappropriately configured when reviewing the RSA RADIUS log file located in /opt/rsa/am/radius. For example,
...
...
...
06/25/2018 11:03:58 Configured server IP address: 10.204.1.55
06/25/2018 11:04:00 Invalid identifier on line number 2 of dictionary fortinet.dct
06/25/2018 11:04:00 Invalid identifier on line number 4 of dictionary fortinet.dct
06/25/2018 11:04:00 Invalid type on line 8 of dictionary fortinet.dct
06/25/2018 11:04:00 Invalid identifier on line number 16 of dictionary fortinet.dct
06/25/2018 11:04:05 Successfully created and closed saved-dcts.bin
...
...
...
Cause
Resolution
NOTE: Please reference article 000036490 when you open the support ticket with RSA Customer Support.
