(RADIATOR) RE: Trouble getting Tacacs to work

Hugh Irvine hugh at open.com.au
Thu Oct 21 21:48:09 CDT 2004


Hello Patrick -

Many thanks.

regards

Hugh


On 22 Oct 2004, at 10:57, Patrik Forsberg wrote:

>> Hi Patrick -
>>
>> Perhaps you could share an example with us?
>
> Yes, of course :)
>
> The only error I was making was not understanding the option
> "GroupMemberAttr".. but ok.. an example..
>
> in the config file.. in my case radius.cfg:
> -- begin --
> <ServerTACACSPLUS>
>         Key SomeSecretKeyOnlyYouKnowAbout
>         AddToRequest NAS-Identifier=TACACS
>
>         # Groups
>         GroupMemberAttr RouterGroup
>
>         # Group: user gives privilege level 1
>         GroupAuthAttr user priv-lvl=1
>         CommandAuth user permit .*
>
>         # Group: manager gives privilege level 7
>         GroupAuthAttr manager priv-lvl=7
>         CommandAuth manager permit .*
>
>         # Group: SecurityOfficer gives privilege level 15
>         GroupAuthAttr securityofficer priv-lvl=15
>         CommandAuth securityofficer permit .*
> </ServerTACACSPLUS>
>
> <Realm DEFAULT>
>         <AuthBy DBFILE>
>                 Filename %D/tacacs-users
>         </AuthBy>
> </Realm>
> --  end  -- 
>
> in the file tacacs-users:
> -- begin --
> test    Password = "{MD5}098f6bcd4621d373cade4e832627b4f6", Time = "Wk0800-1800"
>         RouterGroup = "user",
>         Session-timeout="until Time"
> --  end  -- 
>
> As I'm actually using this against equipment that doesn't honor the
> "CommandAuth" option I'm just setting them as placeholders .. and after
> looking over it now I don't think I really need the NAS-Identifier either
> ;)
>
> The "GroupMemberAttr" actually defines what the attribute will be in the
> users file for specifying which group the user belongs to.
>
> Best Regards,
> Patrik
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
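
Added example, not part of either message and not Radiator code: a small Python check that follows the chain described in the quoted message, from the attribute named by GroupMemberAttr in the users file to that group's priv-lvl, and lists the groups whose CommandAuth rule is the catch-all `permit .*`. It parses only the layout shown above (it is not Radiator's own parser); the inline config, the user "ghost" and the group "noc" are constructed, and the hashes are placeholders.

```python
import re
# Constructed sample in the layout shown in the message (no real key or hash).
CONFIG = """\
<ServerTACACSPLUS>
        GroupMemberAttr RouterGroup
        GroupAuthAttr user priv-lvl=1
        CommandAuth user permit .*
        GroupAuthAttr securityofficer priv-lvl=15
        CommandAuth securityofficer permit .*
</ServerTACACSPLUS>
"""
USERS = '''\
test    Password = "{MD5}<placeholder>", Time = "Wk0800-1800"
        RouterGroup = "user",
        Session-timeout = "until Time"
ghost   Password = "{MD5}<placeholder>"
        RouterGroup = "noc"
'''

def parse_clause(text):
    """Return (member_attr, {group: priv_lvl}, {group: [(action, pattern)]})."""
    member_attr, levels, rules = None, {}, {}
    for line in text.splitlines():
        words = line.split() or [""]          # blank lines match no keyword
        if words[0] == "GroupMemberAttr":
            member_attr = words[1]
        elif words[0] == "GroupAuthAttr" and words[2].startswith("priv-lvl="):
            levels[words[1]] = int(words[2].split("=", 1)[1])
        elif words[0] == "CommandAuth":
            rules.setdefault(words[1], []).append((words[2], " ".join(words[3:])))
    return member_attr, levels, rules

def user_groups(text, member_attr):
    """Map each user to the group named by member_attr in its indented lines."""
    groups, user = {}, None
    pattern = re.compile(r'\s+%s\s*=\s*"([^"]*)"' % re.escape(member_attr))
    for line in text.splitlines():
        if line and not line[0].isspace():   # unindented line starts a user entry
            user = line.split()[0]
            groups[user] = None
        elif user and pattern.match(line):
            groups[user] = pattern.match(line).group(1)
    return groups

def audit(config, users):
    attr, levels, rules = parse_clause(config)
    # A user whose group has no GroupAuthAttr line resolves to None.
    resolved = {u: levels.get(g) for u, g in user_groups(users, attr).items()}
    permit_all = sorted(g for g, r in rules.items() if ("permit", ".*") in r)
    return resolved, permit_all
```

`audit(CONFIG, USERS)` returns the per-user privilege level and the list of permit-all groups; a `None` level marks a user whose group name does not match any GroupAuthAttr line.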
