Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Anonymous
Not applicable

Created on ‎03-02-2022 11:04 AM Edited on ‎03-02-2022 11:16 AM

Article Id 205919

Troubleshooting Tip : FortiNAC Local Radius not starting with error 'Errors reading /etc/raddb/dictionary: dict_init:'

Description This article describes how to solve one of the cases where the local radius does not start in FortiNAC.
Scope 8.8.x, 9.1.x, 9.2.x
Solution

In this case, indicators of this failure condition can be checked in the GUI status and on the local radius service logs 

 

a)Retrieving the radius logs from FNAC CLI 

 

#cd /var/log/radius
#cat radius.log

 

b)  The related error that would appear in the logs would be:


radiusd[16323]: Starting - reading configuration files ...
[16323]: Errors reading /etc/raddb/dictionary: dict_init: /etc/raddb/dictionary.sitelocal[9]: Invalid attribute identifier: Number '999' out of allowed range in attribute identifier
F systemd[1]: radiusd.service: control process exited, code=exited status=1
F: Failed to start FreeRADIUS multi-protocol policy server (Persistent).
-- Subject: Unit radiusd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit radiusd.service has failed.
--
-- The result is failed.

 

Solution: The solution for this error would be to reinstall the local radius packages. This procedure requires internet access for the FNAC instance. Steps to reinstall  local radius package:

 

-FNAC GUI: Settings→Local RADIUS Settings: Disable radius service
-CLI: Uninstall all radius packages: yum -y remove "freeradius*"
-CLI: Confirm no radius packages are returned by: rpm -qa | grep radius
-Restart the Fnac server - this will automatically re-install and configure free radius 

-CLI command to restart FNAC would be: restartNAC
-CLI: Confirm radius packages are again installed by: rpm -qa | grep radius
freeradius-3.0.21-1.x86_64
freeradius-config-3.0.21-1.x86_64
freeradius-mysql-3.0.21-1.x86_64
freeradius-rest-3.0.21-1.x86_64
-FNAC GUI: Confirm in Settings→Local RADIUS Settings that service is enabled/running in Service
Status
-Re-test authentication

 

Note: This procedure should be applied if the error mentioned above in bold font is seen, or if advised by TAC. Please do not apply the procedure in other cases without priorly advising with TAC or a Fortinet Partner.

 

 

Related articles.

 

https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Troubleshoot-and-Debug-FortiNAC-Local...

 

https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-FortiNAC-Local-Radius-Debug-amp/ta-p/...

 

https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Local-RADIUS-log-message-examples/ta-...
Labels:
1285
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.