(RADIATOR) AAA issue. Cisco not forwarding Accounting packets to Syslog

Hugh Irvine hugh at open.com.au
Thu Jul 26 18:12:17 CDT 2001


Hello Colin -

This is the mailing list for the Radiator radius server from Open System 
Consultants, and I doubt that many people here use Tacacs+.

We are happy to answer any questions you might have regarding Radiator.

regards

Hugh


On Friday 27 July 2001 03:09, Colin D. Easton wrote:
> Hi all,
>
> Here's a template AAA config on our Cisco 3662:
>
> aaa new-model
>
> radius-server host 10.0.0.1 auth-port 1812 acct-port 1813 key secret
> radius-server retransmit 3     !
> radius-server timeout 6        ! default = 5 seconds
> radius-server deadtime 1       ! default = ? minutes
>
> tacacs-server host 10.0.0.1 key secret
> tacacs-server timeout 6        ! default
>
> aaa authentication login default radius local
> aaa authentication login NO_AUTHEN none
> aaa authentication enable default group radius enable
>
> aaa authorization network default group radius if-authenticated
> aaa authorization exec default group radius if-authenticated
> aaa authorization exec NO_AUTHEN
> aaa accounting exec default start-stop tacacs+
> aaa accounting commands 0 default start-stop tacacs+
> aaa accounting commands 1 default start-stop tacacs+
> aaa accounting commands 12 default start-stop tacacs+
> aaa accounting commands 14 default start-stop tacacs+
> aaa accounting commands 15 default start-stop tacacs+
> aaa accounting network default start-stop tacacs+
> aaa accounting connection default start-stop tacacs+
> aaa accounting system default start-stop tacacs+
>
> line con 0
>  login authorization NO_AUTHEN
>
> We're attempting to log commands to our Tac_Plus daemon on our Auth
> server. We get the start/stop records for 'logins' to the Cisco router
> but only stop records for the commands. We do not get the command, which
> is in the AAA/Acct record but not in the TAC+ record on the Cisco.
> I.e. we're supposed to have this AAA record on syslog:
>
> ....
> 10.0.0.2  root  tty0  async  stop  server=authsvr  time=18:10:02  date=04/17/2000  task_id=52  timezone=CST  service=shell  priv-lvl=15  cmd=configure terminal <cr>
> ....
>
> but we don't get the "cmd=<command>" field above, which is
> wrong/incorrect.
>
> An AAA debug shows the proper record has been created/formatted and
> passed to TAC+:
>
> ....
> *Apr 17 18:14:45.722 CST: AAA/ACCT/CMD: User root, Port tty0, Priv 15:
>          "configure terminal <cr>"
> *Apr 17 18:14:45.722 CST: AAA/ACCT/CMD: Found list "default"
> *Apr 17 18:14:45.726 CST: AAA/ACCT: user root, acct type 3 (1057208544): Method=tacacs+ (tacacs+)
> *Apr 17 18:14:45.930 CST: TAC+: (1057208544): received acct response status = SUCCESS
> ....
>
>
> Anyone have any exposure/experience here? Please advise.
>
> Colin
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
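An added check for the symptom Colin describes (command-accounting stop records reaching the TACACS+ log without a cmd= value). This is example code written for this archive page, not code from either poster, from tac_plus or from Radiator. The record layout is assumed from the single syslog line quoted in the thread (header fields, then key=value attributes with cmd= last and possibly containing spaces), records carrying priv-lvl= are assumed to be per-command records, and the sample log is constructed rather than captured from a router:

```python
"""Audit TACACS+ command-accounting records for a missing cmd= attribute.

Added example for this mailing-list page, not code from the original posts
or from tac_plus/Radiator. ASSUMPTIONS: the record layout follows the one
syslog line quoted in the thread (NAS, user, port, remote, record type,
then key=value attributes, with cmd= last and allowed to contain spaces);
a record carrying priv-lvl= is a per-command record, while exec session
records do not carry it. SAMPLE_LOG below is constructed, not captured.
"""
import re
from dataclasses import dataclass, field

HEADER_FIELDS = ("nas", "user", "port", "remote", "rec_type")
# cmd= is the last attribute; its value runs to end of line.
CMD_RE = re.compile(r"(?:^|\s)cmd=(.*)$")


@dataclass
class AcctRecord:
    nas: str
    user: str
    port: str
    remote: str
    rec_type: str                      # "start" or "stop"
    attrs: dict = field(default_factory=dict)

    @property
    def is_command_record(self) -> bool:
        # Assumption (see module docstring): priv-lvl= marks a command record.
        return "priv-lvl" in self.attrs

    @property
    def has_cmd(self) -> bool:
        return bool(self.attrs.get("cmd", "").strip())


def parse_record(line: str) -> AcctRecord:
    """Split one accounting line into header fields and key=value attributes."""
    parts = line.split(None, len(HEADER_FIELDS))
    if len(parts) < len(HEADER_FIELDS):
        raise ValueError(f"short accounting record: {line!r}")
    header = dict(zip(HEADER_FIELDS, parts))
    rest = parts[len(HEADER_FIELDS)] if len(parts) > len(HEADER_FIELDS) else ""
    attrs = {}
    # Peel cmd= off first: its value may contain spaces or '=' characters,
    # so it cannot be split on whitespace like the other attributes.
    m = CMD_RE.search(rest)
    if m:
        attrs["cmd"] = m.group(1).strip()
        rest = rest[:m.start()]
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:
            attrs[key] = value
    return AcctRecord(attrs=attrs, **header)


def audit(log_text: str) -> list:
    """Return the command-accounting records that arrived without a cmd= value."""
    missing = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec.is_command_record and not rec.has_cmd:
            missing.append(rec)
    return missing


# Constructed sample: exec start, a good command record, a command record
# with the cmd= field dropped (the thread's symptom), and an exec stop.
SAMPLE_LOG = """\
10.0.0.2 root tty0 async start server=authsvr time=18:09:55 date=04/17/2000 task_id=51 timezone=CST service=shell
10.0.0.2 root tty0 async stop server=authsvr time=18:10:02 date=04/17/2000 task_id=52 timezone=CST service=shell priv-lvl=15 cmd=configure terminal <cr>
10.0.0.2 root tty0 async stop server=authsvr time=18:10:40 date=04/17/2000 task_id=53 timezone=CST service=shell priv-lvl=15
10.0.0.2 root tty0 async stop server=authsvr time=18:12:00 date=04/17/2000 task_id=51 timezone=CST service=shell elapsed_time=125
"""

if __name__ == "__main__":
    for rec in audit(SAMPLE_LOG):
        print(f"no cmd= in command record: nas={rec.nas} user={rec.user} "
              f"port={rec.port} task_id={rec.attrs.get('task_id')}")
```

Run it over the daemon's accounting log instead of SAMPLE_LOG to see which command records lost their cmd= value between the AAA debug on the router and the file on the server; a record that shows up here is one where the command line itself, the thing an audit trail actually needs, never made it to disk.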