(RADIATOR) TACACS disconnect during AuthByRADIUS proxy (bug?)

Patrick, Robert Robert.Patrick at hq.doe.gov
Mon May 22 20:14:56 CDT 2006


Hello!

We are running the latest 3.14 with consolidated patches as of May 18.

Setup is with Radiator acting as TACACS server, which proxies
authentication for users logging into Cisco devices, sending
authentication requests via RADIUS to an RSA SecurID RADIUS server so we
can use our 2-factor tokens for login access to Cisco routers and
switches.

I'm getting a lot of intermittent failures, where the Cisco device
prompts a second time for password.  Generally, quitting the login
session and trying again will result in a successful "normal" login.

After running with trace set to 4, it looks like a TACACS session
disconnect in the middle of the RADIUS back-and-forth (send
access-request, receive access-accept) during those times when the login
breaks, causing the Cisco device to prompt a second time for password.

The specific event is:

<timestamp> DEBUG: TacacsplusConnection disconnected from
<ip_address:port>


Any ideas on a fix for this behavior?



Log extract below:

Mon May 22 21:03:41 2006: DEBUG: Handling with Radius::AuthRADIUS
Mon May 22 21:03:41 2006: DEBUG: Packet dump:
*** Sending to 192.168.73.100 port 1645 ....
Code:       Access-Request
Identifier: 2
Authentic:  <cropped>
Attributes:
        NAS-IP-Address = 192.168.35.189
        NAS-Port-Id = "tty450"
        Calling-Station-Id = "192.168.61.99"
        Service-Type = Login-User
        User-Name = "username"
        User-Password = <cropped>

Mon May 22 21:03:41 2006: DEBUG: Radius::AuthFILE IGNORE: : username
[username]
Mon May 22 21:03:41 2006: DEBUG: AuthBy FILE result: IGNORE, 
Mon May 22 21:03:44 2006: DEBUG: TacacsplusConnection disconnected from
192.168.35.189:64332
Mon May 22 21:03:45 2006: DEBUG: Packet dump:
*** Received from 192.168.73.100 port 1645 ....
Code:       Access-Accept
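
The pattern described in the post, a TacacsplusConnection disconnect logged between the proxied Access-Request and its reply, can be counted across a whole trace-4 log. The following is an added example, not part of the original post or of Radiator: it pairs requests and replies by Identifier and ties a disconnect to a request through NAS-IP-Address. It assumes one log entry per line and that reply dumps carry an Identifier line; the sample log is constructed from the post's extract.

```python
import re
from datetime import datetime

# Constructed sample modelled on the post's extract; the reply's Identifier
# line and the final disconnect are assumptions added for illustration.
SAMPLE = """\
Mon May 22 21:03:41 2006: DEBUG: Packet dump:
*** Sending to 192.168.73.100 port 1645 ....
Code:       Access-Request
Identifier: 2
Attributes:
        NAS-IP-Address = 192.168.35.189
Mon May 22 21:03:44 2006: DEBUG: TacacsplusConnection disconnected from 192.168.35.189:64332
Mon May 22 21:03:45 2006: DEBUG: Packet dump:
*** Received from 192.168.73.100 port 1645 ....
Code:       Access-Accept
Identifier: 2
Mon May 22 21:03:46 2006: DEBUG: TacacsplusConnection disconnected from 192.168.35.189:64333
"""
TS = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): (.*)$")
DISC = re.compile(r"TacacsplusConnection disconnected from\s+([\d.]+):\d+")

def early_disconnects(text):
    """Disconnects logged while that NAS's proxied Access-Request was unanswered."""
    hits, pending, now, sending, cur = [], {}, None, False, None
    for line in text.splitlines():
        if (m := TS.match(line)):
            now, line = datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y"), m[2]
        key, _, val = (s.strip() for s in line.strip().partition(" "))
        if key == "***":                              # start of a packet dump
            sending, cur = val.startswith("Sending to"), None
        elif key == "Identifier:" and sending:        # request leaving for RADIUS
            cur = pending[val] = {"sent": now, "nas": None, "hits": []}
        elif key == "Identifier:" and val in pending:  # reply closes the window
            req = pending.pop(val)
            for h in req["hits"]:
                h["radius_rtt_s"] = (now - req["sent"]).total_seconds()
        elif key == "NAS-IP-Address" and cur:
            cur["nas"] = val.lstrip("= ")
        elif (d := DISC.search(line)):
            for req in pending.values():
                if req["nas"] == d[1]:                # wait_s: seconds since request
                    h = {"nas": d[1], "wait_s": (now - req["sent"]).total_seconds(), "radius_rtt_s": None}
                    hits.append(h)
                    req["hits"].append(h)
    return hits

if __name__ == "__main__":
    print(early_disconnects(SAMPLE))
```

A radius_rtt_s of None in the result means the log ended, or the request was never answered, after the disconnect.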