RSA Product/Service Type: Authentication Manager
The third-party Fortinet device requires a vendor-specific attribute to be returned in the return list of a RADIUS profile.
Please contact the vendor of the third-party device or software with regards to the attributes required to be returned in the RADIUS profile. This information can be used to create a new RADIUS dictionary if the vendor-specific attributes do not already exist. Here is an example of adding a new vendor-specific attribute dictionary to RSA RADIUS for a Fortinet device.
- The default RSA RADIUS folder for RSA RADIUS 7.1 on Microsoft Windows is C:\Program Files\RSA Security\RSA Authentication Manager\radius\Service, or /usr/local/RSASecurity/RSAAuthenticationManager/radius for Unix and the RSA SecurID Appliance 3.0.
- For RSA Authentication Manager 8.x, the path is /opt/rsa/am/radius/.
- Create a RADIUS dictionary file named fortinet.dct in the RSA RADIUS folder.
- Add the following attributes to the new RADIUS dictionary:
@radius.dct
MACRO FORTINET-VSA(type,syntax) 26 [vid=12356 type1=%type% len1=+2 data=%syntax%]
ATTRIBUTE Fortinet-Group-Name FORTINET-VSA(1, string) r
ATTRIBUTE Fortinet-Client-IP-Address FORTINET-VSA(2, ipaddr) r
ATTRIBUTE Fortinet-Vdom-Name FORTINET-VSA(3, string) r
Please refer to the readme.dct in the RADIUS folder for detailed information about the dictionary format.
- Update the vendor.ini and add the following new section for the new vendor:
vendor-product = Fortinet
dictionary = fortinet
ignore-ports = no
port-number-usage = per-port-type
help-id = 2000
NOTE: It is recommended to add the new vendor in alphabetic order as this maintains order in the RADIUS graphical user interface on the pull-down list.
- Update a file called dictiona.dcm and add the dictionary filename to the vendor specific list (in alphabetic order):
@fortinet.dct
- Stop and start the RSA RADIUS service.
- Examine the RADIUS log file (formatted yyyymmdd.log - e.g. 20110829) found in the ../radius folder for any error messages concerning the new RADIUS dictionary (e.g., fortinet.dct). You are likely to see an update to the dictionary information after adding the new RADIUS dictionary:
08/29/2011 09:51:03 Number of dictionaries in saved file does not match number in directory
08/29/2011 09:51:03 Opening saved dictionary file
08/29/2011 09:51:03 Successfully initialized saved-dcts.bin file
08/29/2011 09:51:03 Starting dictionary file processing ...
08/29/2011 09:51:10 Writing dictionary info to saved dictionary
08/29/2011 09:51:11 Successfully wrote dictionary information to saved-dcts.bin
08/29/2011 09:51:11 Closing saved dictionary file
08/29/2011 09:51:11 Successfully created and closed saved-dcts.bin
08/29/2011 09:51:11 Concluded dictionary file processing
- When configuring the RADIUS Clients there will be a new Make/model type called Fortinet which will allow vendor-specific attributes to be selected in the Return List of Attributes for RADIUS profiles in the RSA Security Console.
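
To confirm in a packet capture that an Access-Accept actually carries the attribute selected in the return list, it helps to know the bytes the FORTINET-VSA macro describes. The following is an added example, not part of the original article or of RSA's code: it assumes the macro maps to the standard RFC 2865 Vendor-Specific (type 26) layout with a one-octet vendor type and one-octet length, and the group name and IP address used are constructed sample values.

```python
import ipaddress
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type for VSAs (RFC 2865, section 5.26)
FORTINET_VID = 12356      # vid= value from the FORTINET-VSA macro

# Vendor types and syntaxes copied from the fortinet.dct entries above.
FORTINET_ATTRS = {
    1: ("Fortinet-Group-Name", "string"),
    2: ("Fortinet-Client-IP-Address", "ipaddr"),
    3: ("Fortinet-Vdom-Name", "string"),
}

def encode_vsa(vtype, value):
    """Build the attribute-26 bytes for one Fortinet sub-attribute."""
    syntax = FORTINET_ATTRS[vtype][1]
    data = ipaddress.IPv4Address(value).packed if syntax == "ipaddr" else value.encode()
    sub = bytes([vtype, len(data) + 2]) + data          # len1=+2: type + length octets
    body = struct.pack("!I", FORTINET_VID) + sub        # 4-octet vendor id, network order
    if len(body) + 2 > 255:
        raise ValueError("value too long for a single RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def decode_vsa(attr):
    """Parse attribute-26 bytes; return (name, value) or raise ValueError."""
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    (vid,) = struct.unpack("!I", attr[2:6])
    if vid != FORTINET_VID:
        raise ValueError(f"unexpected vendor id {vid}")
    vtype, vlen = attr[6], attr[7]
    if vlen < 2 or 6 + vlen != len(attr) or vtype not in FORTINET_ATTRS:
        raise ValueError("bad sub-attribute length or unknown vendor type")
    name, syntax = FORTINET_ATTRS[vtype]
    data = attr[8:]
    if syntax == "ipaddr":
        if len(data) != 4:
            raise ValueError("ipaddr must be 4 octets")
        return name, str(ipaddress.IPv4Address(data))
    return name, data.decode()

if __name__ == "__main__":
    wire = encode_vsa(1, "vpn-admins")   # constructed sample group name
    print(wire.hex(), decode_vsa(wire))
```
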