SBR RADIUS returning a string attribute with an additional character in the Access-Accept packet

3 years ago

Originally Published: 2022-04-07

Article Number

000067886

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.5

Issue

- After configuring a RADIUS profile for a certain Return Attribute, the authentication is successful. However, the packet capture shows the attribute returned having an additional character at its end.
- The first capture shown below is for a test environment, while the second one is from the RSA RADIUS server. An additional byte was introduced "Null Character".

Cause

- In Steel-Belted Radius, the NoNullTermination flag in the radius.ini configuration file allows return attributes to be sent with a null character at its end if set to 0.
- By default, its value is set to 0.

Resolution

1. Log in to the Operations Console of the primary server.
2. From Deployment Configuration > RADIUS Servers
3. When prompted, enter the Super Admin credentials.
4. Navigate to the Server Name > Manage Server Files.
3. In the Configuration Files tab, edit radius.ini.
4. Navigate to the NoNullTermination parameter, remove the comment ";" and change its value to 1
5. Save and restart the RADIUS service.
6. The Return Attribute is shown as it is with no additional characters.
7. Repeat steps 1-5 for every RADIUS replica server in your deployment.

Workaround

N/A

Notes

N/A

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles