000030700 - RADIUS server is sending return attribute from RSA Authentication Manager with a trailing value of  \000

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Dec 16, 2019
Version 6Show Document
  • View in full screen mode

Article Content

Article Number000030700
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueThe RADIUS server is sending a Vendor Specific Attribute (VSA) with a trailing value of \000 or \0x00, as seen below:
User-added image

A sample line from a Vendor Dictionary File is as follows:

ATTRIBUTE Fortinet-Access-Profile FORTINET-VSA(6,           string) r

A packet capture from Wireshark or tcpdump shows the return as follows:

VSA: l=12 t=Fortinet-Access-Profile(6): read_only\000
ResolutionModify the dictionary file to change the string value from string to stringnz.  By using stringnz in this case, the attribute being returned is set not to include the null values padding the attribute.

ATTRIBUTE Fortinet-Access-Profile FORTINET-VSA(6,           stringnz) r