000012942 - How to enable RADIUS debugging/verbose logs with RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Mar 29, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012942
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
IssueThis article is an overview on how to enable RADIUS debugging, enablingRADIUS verbose logs and enabling tracing on RADIUS authentication.
Resolution

Authentication Manager 6.1 or RSA SecurID Appliance 2.0


  1. Edit the RADIUS configuration file (radius.ini), which based on the system will be in different locations.
  • Authentication Manager 6.1 on Unix:  /opt/rsa/radius directory. 
  • Authentication Manager 6.1 on Windows: <drive>\Program Files\RSA Security\RSA Authentication Manager\RADIUS\service\
  • RSA SecurID Appliance 2.0 on Windows:  C:\authmgr\RSA Security\RSA Authentication Manager\RADIUS\service\
  1. Open the radius.ini in a text editor.
  2. Uncomment the following three lines:  [Configuration], Trace Level and Log level, by removing the semicolon ( ; ) or # signfrom the beginning of the line.
  3. Change the trace level and log level values to 2, as shown:
[Configuration]
LogLevel                   = 2
TraceLevel                 = 2

  1. Stop and start RADIUS.  This restart allows the debug changes to take effect.
  • Authentication Manager 6.1 on Unix:  Run
/etc/init.d/sbrd start

  • Authentication Manager 6.1 on Windows: From the RSA Control Panel select Stop and Start RSA Auth Manager services and click Stop RADIUS.  When the Start RADIUS button is enabled, click it to start the service.
  • RSA SecurID Appliance 2.0 on Windows:  From the RSA Control Panel select Stop and Start RSA Auth Manager services and click Stop RADIUS.  When the Start RADIUS button is enabled, click it to start the service.

Authentication Manager 7.1 and RSA SecurID Appliance 3.0


For Authentication Manager 7.1, changes to the radius.ini are done from the command line or from the Operations Console.


Command Line


  1. Navigate to:
  • Authentication Manager 7.1 on Unix or RSA SecurID Appliance 3.0:  /usr/local/RSASecurity/RSAAuthenticationManager/radius
  • Authentication Manager 7.1 on Windows:  <drive>\Program Files\RSA Security\RSA Authentication Manager\RADIUS\service\
  1. Open the radius.ini in a text editor.
  2. Uncomment the following three lines:  [Configuration], Trace Level and Log level, by removing the semicolon ( ; ) or # signfrom the beginning of the line.
  3. Change the trace level and log level values to 2, as shown:

  4. [Configuration]
    LogLevel                   = 2
    TraceLevel                 = 2

  5. Stop and start RADIUS.
  • Authentication Manager 7.1 on Unix or RSA SecurID Appliance 3.0:  From the command line, navigate to /usr/local/RSASecurity/RSAAuthenticationManager/server.  Run the command

  1. ./rsaam restart radius

  • Authentication Manager 7.1 on Windows:  From the Windows Service.msc, restart RADIUS.  This restart allows the debug changes to take effect.

Operations Console


  1. Logon to the Operations Console.
  2. Select Deployment Configuration > RADIUS > Manage Existing.
  3. Next to the primary's server name click on the drop down menu and select Manage RADIUS Server.
  4. Scroll down and click link for Edit Server Configuration Files.
  5. Next to the radius.ini select Edit.
  6. Uncomment the following three lines:  [Configuration], Trace Level and Log Level, by removing the semicolon ( ; ) or # signfrom the beginning of the line.
  7. Change the trace level and log level values to 2, as shown:
[Configuration]
LogLevel                   = 2
TraceLevel                 = 2

  1. Save the changes to the radius.ini file.
  2. Use the Stop RADIUS Server link on the Manage RADIUS server page to stop RADIUS then click Start RADIUS to restart the service.  This restart allows the debug changes to take effect.


Authentication Manager 8.x


For Authentication Manager 8.x changes to the radius.ini configuration file are done from the Operations Console.
  1. Select Deployment Configuration > RADIUS Servers Edit RADIUS Server.
  2. Click the drop down arrow on the primary Authentication Manager server and choose  Manage Server Files.
  3. Click on the drop down arrow next to the radius.ini file and choose Edit
  4. Uncomment the following three lines:  [Configuration], Trace Level and Log level, by removing the semicolon ( ; ) or # signfrom the beginning of the line.
  5. Change the trace level and log level values to 2, as shown:
[Configuration]
LogLevel                   = 2
TraceLevel                 = 2

  1. When done, click Save & Restart RADIUS Server.  This restart allows the debug changes to take effect.
Legacy Article IDa57840

Attachments

    Outcomes