(RADIATOR) dumb question about "Radius::AuthFILE looks for match with []"
Andrew Fort
afort at choqolat.org
Mon Jan 9 18:27:12 CST 2006
Okay so I have a dumb question, but I can't work this out.
I'm trying to test a very basic AuthFILE based <ServerTACACSPLUS> stanza.
I have a much more complex configuration, using {Auth,Acct}BySQL
working on other hosts.
I'm using the Radiator-3.13 included goodies/tacacsplusserver.cfg file
(ONLY change is the tacacs+ shared Key), and the included two users from
the demo users file, just in case I'm being extra dumb. I've removed the
'tacacsgroup' reply attribute as it's not defined in the dictionary
(though it appears that internally added attributes don't need to be
defined in the dictionary?).
--users file--
tacuser1 User-Password=tacuser1
tacuser2 User-Password=tacuser2
--users file--
So, when I run the radiusd, and attempt to login from the Cisco using
'tacuser1' and 'tacuser1', I get this:
--log--
# /usr/local/bin/radiusd -config_file /tmp/tacacsplusserver.cfg
Tue Jan 10 11:19:19 2006: DEBUG: Creating TACACSPLUS port 0.0.0.0:49
Tue Jan 10 11:19:19 2006: DEBUG: Finished reading configuration file
'/tmp/tacacsplusserver.cfg'
Tue Jan 10 11:19:19 2006: DEBUG: Reading dictionary file './dictionary'
Tue Jan 10 11:19:20 2006: NOTICE: Server started: Radiator 3.13 on box3.lab
Tue Jan 10 11:19:22 2006: DEBUG: New TacacsplusConnection created for
192.168.1.34:62098
Tue Jan 10 11:19:22 2006: DEBUG: TacacsplusConnection request 192, 1, 1,
0, 1803428813, 25
Tue Jan 10 11:19:22 2006: DEBUG: TacacsplusConnection Authentication
START 1, 1, 1 for , tty2, 192.168.1.253
Tue Jan 10 11:19:22 2006: DEBUG: TacacsplusConnection Authentication
REPLY 4, 0, Username: ,
Tue Jan 10 11:19:27 2006: DEBUG: TacacsplusConnection request 192, 1, 3,
0, 1803428813, 13
Tue Jan 10 11:19:27 2006: DEBUG: TacacsplusConnection Authentication
CONTINUE 0, tacuser1,
Tue Jan 10 11:19:27 2006: DEBUG: TacacsplusConnection Authentication
REPLY 5, 1, Password: ,
Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection request 192, 1, 5,
0, 1803428813, 13
Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection Authentication
CONTINUE 0, tacuser1,
Tue Jan 10 11:19:28 2006: DEBUG: TACACSPLUS derived Radius request
packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <243>J<217>F<210><0>)a<129>?;<154>n<220><131><25>
Attributes:
NAS-IP-Address = 192.168.1.34
NAS-Port-Id = "tty2"
Calling-Station-Id = "192.168.1.253"
Service-Type = Login-User
NAS-Identifier = "TACACS"
User-Name = "tacuser1"
User-Password = tacuser1
Tue Jan 10 11:19:28 2006: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Tue Jan 10 11:19:28 2006: DEBUG: Deleting session for , 192.168.1.34,
Tue Jan 10 11:19:28 2006: DEBUG: Handling with Radius::AuthFILE:
Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE looks for match with []
Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE REJECT: No such user: []
Tue Jan 10 11:19:28 2006: DEBUG: Reading users file ./users
Tue Jan 10 11:19:28 2006: DEBUG: AuthBy FILE result: REJECT, No such user
Tue Jan 10 11:19:28 2006: INFO: Access rejected for : No such user
Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection result Access-Reject
Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection Authentication
REPLY 2, 0, ,
Tue Jan 10 11:19:28 2006: DEBUG: TacacsplusConnection disconnected from
192.168.1.34:62098
Tue Jan 10 11:19:30 2006: DEBUG: New TacacsplusConnection created for
192.168.1.34:11338
Tue Jan 10 11:19:30 2006: DEBUG: TacacsplusConnection request 192, 1, 1,
0, 1102023088, 25
Tue Jan 10 11:19:30 2006: DEBUG: TacacsplusConnection Authentication
START 1, 1, 1 for , tty2, 192.168.1.253
Tue Jan 10 11:19:30 2006: DEBUG: TacacsplusConnection Authentication
REPLY 4, 0, Username: ,
Tue Jan 10 11:20:01 2006: DEBUG: TacacsplusConnection disconnected from
192.168.1.34:11338
--log--
Note the line "Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE looks
for match with []".
What's going wrong? Why isn't AuthFILE seeing the username?
Using AuthTEST works fine.
Cheers,
Andrew
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
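
The symptom in the trace above (the derived request carries User-Name = "tacuser1" but the lookup key is empty) can be picked out of a long debug log mechanically. The following is an added example, not part of the original post or of Radiator; the function name is hypothetical, the sample is a shortened copy of the posted trace with wrapped lines rejoined, and it assumes the log wording shown in the post.

```python
import re

# Constructed sample: shortened copy of the trace in the post, wrapped lines rejoined.
SAMPLE_LOG = """\
Tue Jan 10 11:19:28 2006: DEBUG: TACACSPLUS derived Radius request packet dump:
Code: Access-Request
Attributes:
NAS-IP-Address = 192.168.1.34
User-Name = "tacuser1"
Tue Jan 10 11:19:28 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Jan 10 11:19:28 2006: DEBUG: Handling with Radius::AuthFILE:
Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE looks for match with []
Tue Jan 10 11:19:28 2006: DEBUG: Radius::AuthFILE REJECT: No such user: []
"""

DUMP_START = re.compile(r'dump:\s*$')                 # start of a request dump
USER_NAME = re.compile(r'^\s*User-Name = "(.*)"\s*$')  # attribute inside the dump
LOOKUP = re.compile(r'^(.*?): DEBUG: (Radius::\w+) looks for match with \[(.*)\]')


def find_username_mismatches(log_text):
    """Return (timestamp, module, dumped_name, lookup_key) for every lookup
    whose key differs from the User-Name in the preceding packet dump."""
    findings = []
    dumped = None
    for line in log_text.splitlines():
        if DUMP_START.search(line):
            dumped = None          # new request: forget the previous User-Name
            continue
        m = USER_NAME.match(line)
        if m:
            dumped = m.group(1)
            continue
        m = LOOKUP.match(line)
        if m and dumped is not None and m.group(3) != dumped:
            findings.append((m.group(1), m.group(2), dumped, m.group(3)))
    return findings


if __name__ == "__main__":
    for ts, module, dumped, key in find_username_mismatches(SAMPLE_LOG):
        print(f"{ts}: {module} searched for [{key}] "
              f"but the request carried User-Name={dumped!r}")
```
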