000038253 - Integrate Citrix NetScaler with RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jan 7, 2020Last modified by RSA Customer Support Employee on Jan 24, 2020
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000038253
Applies ToRSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueThe RSA RADIUS log file is reporting the following message:
 
Truncated request (8 bytes) received from n.n.n.n, ignoring authentication request

 
CauseThese messages in the RSA RADIUS log file are a result of a RADIUS service monitor in the Citrix NetScaler polling the RSA RADIUS Authentication Manager instance. 
ResolutionSee the Citrix documentation to correctly configure the RADIUS service monitor or disable the service health monitor in the Citrix NetScaler.

Learn more about Citrix NetScaler RADIUS monitoring information.
NotesDownload the Citrix Systems NetScaler Gateway RSA SecurID Access Implementation Guide.

Testing the RADIUS connection from the Citrix NetScaler



  1. Go to the NetScaler Gateway.
  2. Select Policies > Authentication > RADIUS > Servers.
  3. Open Server Properties.
  4. Select Test Connection.

User-added image


  1. With the following command using the CLI shell nstcpdump.sh -c 100 host 10.y.y.y you see the following log entries:

13:01:46.139063 IP 10.x.x.x.31191 > 10.y.y.y.1812: RADIUS, Access-Request (1), id: 0xe2 length: 50
13:01:46.139075 IP 10.x.x.x.53765 > 10.y.y.y.1812: RADIUS, Access-Request (1), id: 0xe2 length: 50
13:01:46.146058 IP 10.y.y.y.1812 > 10.x.x.x.53765: RADIUS, Access-Reject (3), id: 0xe2 length: 20
13:01:46.146062 IP 10.y.y.y.1812 > 10.x.x.x.31191: RADIUS, Access-Reject (3), id: 0xe2 length: 20


These are desired results. They show the Citrix NetScaler is sending an empty/invalid RADIUS authentication request in test, hence the Access-Reject.

Attachments

    Outcomes