(RADIATOR) Re:

Mike McCauley mikem at open.com.au
Wed Mar 1 19:09:52 CST 2006


Hello Christoph,


On Thursday 02 March 2006 01:01, Christoph Schmidt wrote:
> Dear all,
>
> as a newbie on this list I don't know if this issue has been in this list
> before... (I haven't found anything about this)
> We have a working environment with the Radiator RADIUS server. In our
> configuration all users authenticating e.g. on a Cisco router retrieve a
> PreClientHook: PreClientHook   file:"%D/setAreaRealm"
> Now we extended the system with the TACACS+ server and it seems that the
> PreClientHook is not working. 

Server TACACSPLUS does not support PreClientHook.  However, it does support 
PreHandlerHook, so perhaps you can put your hook there. See the reference 
manual for more details http://www.open.com.au/radiator/ref.pdf.

Cheers.

> For Authentication purposes an "AreaRealm"
> will be added to the userID like user@realm1. Authenticating at the NAS
> with user@realm will have a successful authentication, but authorization on
> the device itself will fail. Logs:
> ###################################################################################
> 1. RADIUS Authentication:
> Wed Mar  1 14:38:54 2006: INFO: radius-auth: accept to xx.xx.xx.xx from 0.0.0.0 by cschmidt realm nms profile oper
> ###################################################################################
> 2a. TACACS+ Authentication without @realm1:
> Wed Mar  1 14:27:08 2006: INFO: radius-auth: reject to xx.xx.xx.xx from yy.yy.yy.yy by NAS_xy realm
> Wed Mar  1 14:27:08 2006: INFO: Access rejected for a45100: No such user
> ###################################################################################
> 2b. TACACS+ Authentication with @realm1:
> Wed Mar  1 14:28:03 2006: INFO: radius-auth: accept to 10.9.9.254 from 10.9.9.132 by a45100 realm nms profile admin
> ---------------------
> Username: a45100@ger
>
> Translating "ger"
>
> Password:
>
> % Authorization failed.
>
> Connection closed by foreign host.
> ------------------------
> ###################################################################################
> 3. TACACS+ Authentication with @realm1 and tacacsplustest-utility
> ------------------------
> server:/tmp/Radiator-3.14/goodies # ./tacacsplustest -key tacacstest -user cschmidt@ger -password "veryverysecret"
> sending Authentication request...
> OK
> sending Authorization request...
> OK
> sending Accounting request...
> Received incorrect response type: 1
> -------------------------
> Log:
> Wed Mar  1 15:29:32 2006: INFO: radius-auth: accept to 127.0.0.1 from testclient by cschmidt realm ger profile oper
> ###################################################################################
>
> Any ideas or help would be very appreciated...
>
> best regards
>
> Ch. Schmidt
>
>
>
> ___________________________________________________
>
> Christoph Schmidt
> Security Consultant
> Competence Center Security
>
> Controlware GmbH
> Waldstrasse 92, 63128 Dietzenbach, Germany
> Tel.: +49 6074 - 858-619
> Fax: +49 6074 - 858-318
> christoph.schmidt at controlware.de
> www.controlware.de
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
