(RADIATOR) Issues with the TACPLUS Server

Mike McCauley mikem at open.com.au
Thu Dec 6 04:17:11 CST 2007


Patrik,

On Thursday 06 December 2007 20:09, Patrik Forsberg wrote:
> Hi,

> Mmh.. think I finally nailed it!
>
> Not Working config
> "
> GroupAuthAttr group1 priv-lvl=15
> AuthorizeGroup group1 permit service=shell cmd\* {priv-lvl=15}
> AuthorizeGroup group1 permit service=junos-exec {local-user-name=group1}
> AuthorizeGroup group1 permit service=shell cmd= {priv-lvl=15}
> AuthorizeGroup group1 permit .*
> "
>
> Working config
> "
> AuthorizeGroup group1 permit service=shell cmd\* {priv-lvl=15}
> AuthorizeGroup group1 permit service=junos-exec {local-user-name=group1}
> AuthorizeGroup group1 permit service=shell cmd= {priv-lvl=15}
> AuthorizeGroup group1 permit .*
> "
>
> Seems to be GroupAuthAttr that screwed my config up, not AuthorizeGroup
> itself!
>
> Strange thing is I don't see it in the config I sent you to begin with..
> and that is a copy of the config I used, promise!
>
> <thinking>
> ..
> ..
> </thinking>
>
> Yea.. perhaps I know what it is.
> In the original setup I set '' AddToReplyIfNotExist
> cisco-avpair="priv-lvl=15" '' but now I do not..

That would explain it.
I'll stop looking.

Cheers.

>
> Regards,
> Patrik
>
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Thursday, December 06, 2007 10:51 AM
> > To: Patrik Forsberg
> > Cc: radiator at open.com.au
> > Subject: Re: (RADIATOR) Issues with the TACPLUS Server
> >
> > Hello Patrik,
> >
> > Thanks for your reply. We still don't understand why your system is
> > behaving that way: we can't reproduce it. Though we notice that there is
> > some configuration of yours that we haven't seen yet:
> > you have this in your ServerTACACSPLUS config:
> >
> > Include /etc/radiator-test/radius.tacacs.local.cfg
> >
> > Could that be relevant?
> >
> > Cheers.
> >
> > On Thursday 06 December 2007 19:04, Patrik Forsberg wrote:
> > > Hi,
> > >
> > > Guess you got my original mail too ;)
> > >
> > > I run on two FreeBSD 6.2 and a 5.2 all running perl 5.8.8 with
> > > appropriate cpan modules and Radiator 3.17.1 with the latest patches up
> > > till 2007-10-11.
> > >
> > > After looking at the code yesterday I notice you do different things
> > > between CommandAuth and AuthorizeGroup. In the deprecated code you
> > > treated a single command differently then if you get an attribute
> > > attached to the command in AuthorizeGroup you use the same routine no
> > > matter if it has an attribute or not, I am not sure but it could be a
> > > clue to the behavior I'm seeing ?
> > >
> > > Referring to line 708-718 for the new code and 759-762,776-782 of
> > > ServerTACPLUS.pm. This is the only thing I could find that actually
> > > differ the two commands from each other that would affect my problem.
> > >
> > > I've only tried this out on Cisco so I don't know if any other hardware
> > > shows the same behavior or not.
> > >
> > > Best Regards,
> > > Patrik
> > >
> > > > -----Original Message-----
> > > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > > Sent: Thursday, December 06, 2007 1:11 AM
> > > > To: Patrik Forsberg
> > > > Cc: radiator at open.com.au
> > > > Subject: Re: (RADIATOR) Issues with the TACPLUS Server
> > > >
> > > > Hello Patrik,
> > > >
> > > > Thanks for the detailed logs.
> > > > We still have not been able to reproduce this.
> > > > We note a comment in the relevant source:
> > > >
> > > > >     # Hmmm. funny behaviour remembering the value of @reply_pairs from call to call
> > > > >     # on perl 5.8.5
> > > > >
> > > > > and it's @reply_pairs that is the relevant thing in your case.
> > > >
> > > > What version of perl are you running? On what platform?
> > > >
> > > > Cheers.
> > > >
> > > > On Wednesday 05 December 2007 02:51, Patrik Forsberg wrote:
> > > > > Hi,
> > > > >
> > > > > > I've been trying to convert our old Cisco enabled Radiator Tacacs
> > > > > > configuration from the old deprecated "CommandAuth" format to the newer
> > > > > > "AuthorizeGroup" format but I've run into a feature that is quite
> > > > > > unwanted.
> > > > > >
> > > > > > First off the configuration I have works on all my current hardware but
> > > > > > we need the features that the AuthorizeGroup gives.
> > > > > > Everything works great except on cisco boxes. Besides I don't like the
> > > > > > idea to use configuration that will be gone in some future release.
> > > > > > At least our old Cisco 7200 seem to not like the new format.
> > > > > >
> > > > > > I've done some debugging and the only difference I can see is that there
> > > > > > is one difference between the new and old format
> > > > >
> > > > > > Level 4 debug log on the
> > > > > >
> > > > > > Old Format
> > > > > > "
> > > > > > Tue Dec  4 17:25:10 2007: DEBUG: New TacacsplusConnection created for 212.37.9.27:16082
> > > > > > Tue Dec  4 17:25:11 2007: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 3787464609, 87
> > > > > > Tue Dec  4 17:25:11 2007: DEBUG: TacacsplusConnection Authorization REQUEST 6, 1, 1, 1, paddy, tty2, 83.145.30.2, 4, service=shell cmd=show cmd-arg=running-config cmd-arg=<cr>
> > > > > > Tue Dec  4 17:25:11 2007: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , ,
> > > > > > Tue Dec  4 17:25:11 2007: DEBUG: TacacsplusConnection disconnected from 212.37.9.27:16082
> > > > > > "
> > > > > >
> > > > > > New Format
> > > > > > "
> > > > > > Tue Dec  4 17:26:08 2007: DEBUG: New TacacsplusConnection created for 212.37.9.27:16085
> > > > > > Tue Dec  4 17:26:08 2007: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 1625861, 87
> > > > > > Tue Dec  4 17:26:08 2007: DEBUG: TacacsplusConnection Authorization REQUEST 6, 1, 1, 1, paddy, tty2, 83.145.30.2, 4, service=shell cmd=show cmd-arg=running-config cmd-arg=<cr>
> > > > > > Tue Dec  4 17:26:08 2007: DEBUG: AuthorizeGroup rule match found: permit .* {  }
> > > > > > Tue Dec  4 17:26:08 2007: INFO: Authorization permitted for paddy, group securityofficer, args service=shell cmd=show cmd-arg=running-config cmd-arg=<cr>
> > > > > > Tue Dec  4 17:26:08 2007: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , , priv-lvl=15
> > > > > > Tue Dec  4 17:26:08 2007: DEBUG: TacacsplusConnection disconnected from 212.37.9.27:16085
> > > > > > "
> > > > > >
> > > > > >
> > > > > > Notice the little "priv-lvl=15" on the end of the last RESPONSE ?
> > > > > > That's the only thing I can see that is different between the two
> > > > > > formats.
> > > > >
> > > > > > Cisco debugs--
> > > > > >
> > > > > > Old Format
> > > > > > "
> > > > > > Dec  4 11:21:10.860 MET: tty3 AAA/AUTHOR/CMD (3753599229): Port='tty3' list='' service=CMD
> > > > > > Dec  4 11:21:10.860 MET: AAA/AUTHOR/CMD: tty3 (3753599229) user='paddy'
> > > > > > Dec  4 11:21:10.860 MET: tty3 AAA/AUTHOR/CMD (3753599229): send AV service=shell
> > > > > > Dec  4 11:21:10.860 MET: tty3 AAA/AUTHOR/CMD (3753599229): send AV cmd=show
> > > > > > Dec  4 11:21:10.860 MET: tty3 AAA/AUTHOR/CMD (3753599229): send AV cmd-arg=running-config
> > > > > > Dec  4 11:21:10.860 MET: tty3 AAA/AUTHOR/CMD (3753599229): send AV cmd-arg=<cr>
> > > > > > Dec  4 11:21:10.860 MET: tty3 AAA/AUTHOR/CMD (3753599229): found list "default"
> > > > > > Dec  4 11:21:10.864 MET: tty3 AAA/AUTHOR/CMD (3753599229): Method=tacacs+ (tacacs+)
> > > > > > Dec  4 11:21:10.864 MET: AAA/AUTHOR/TAC+: (3753599229): user=paddy
> > > > > > Dec  4 11:21:10.864 MET: AAA/AUTHOR/TAC+: (3753599229): send AV service=shell
> > > > > > Dec  4 11:21:10.864 MET: AAA/AUTHOR/TAC+: (3753599229): send AV cmd=show
> > > > > > Dec  4 11:21:10.864 MET: AAA/AUTHOR/TAC+: (3753599229): send AV cmd-arg=running-config
> > > > > > Dec  4 11:21:10.864 MET: AAA/AUTHOR/TAC+: (3753599229): send AV cmd-arg=<cr>
> > > > > > Dec  4 11:21:10.864 MET: TAC+: using previously set server 212.37.0.171 from group tacacs+
> > > > > > Dec  4 11:21:10.864 MET: TAC+: Opening TCP/IP to 212.37.0.171/49 timeout=5
> > > > > > Dec  4 11:21:10.864 MET: TAC+: Opened TCP/IP handle 0x621DC9D4 to 212.37.0.171/49 using source 212.37.9.27
> > > > > > Dec  4 11:21:10.864 MET: TAC+: Opened 212.37.0.171 index=1
> > > > > > Dec  4 11:21:10.864 MET: TAC+: periodic timer started
> > > > > > Dec  4 11:21:10.864 MET: TAC+: 212.37.0.171 req=620BD880 Qd id=3753599229 ver=192 handle=0x621DC9D4 (ESTAB) expire=5 AUTHOR/START queued
> > > > > > Dec  4 11:21:10.868 MET: TAC+: 212.37.0.171 (3753599229) AUTHOR/START queued
> > > > > > Dec  4 11:21:10.964 MET: TAC+: 212.37.0.171 ESTAB id=3753599229 wrote 99 of 99 bytes
> > > > > > Dec  4 11:21:10.964 MET: TAC+: 212.37.0.171 req=620BD880 Qd id=3753599229 ver=192 handle=0x621DC9D4 (ESTAB) expire=4 AUTHOR/START sent
> > > > > > Dec  4 11:21:11.064 MET: TAC+: 212.37.0.171 ESTAB read=12 wanted=12 alloc=12 got=12
> > > > > > Dec  4 11:21:11.064 MET: TAC+: 212.37.0.171 ESTAB read=18 wanted=18 alloc=18 got=6
> > > > > > Dec  4 11:21:11.064 MET: TAC+: 212.37.0.171 received 18 byte reply for 620BD880
> > > > > > Dec  4 11:21:11.064 MET: TAC+: req=620BD880 Tx id=3753599229 ver=192 handle=0x621DC9D4 (ESTAB) expire=4 AUTHOR/START processed
> > > > > > Dec  4 11:21:11.064 MET: TAC+: (3753599229) AUTHOR/START processed
> > > > > > Dec  4 11:21:11.064 MET: TAC+: periodic timer stopped (queue empty)
> > > > > > Dec  4 11:21:11.064 MET: TAC+: (3753599229): received author response status = PASS_ADD
> > > > > > Dec  4 11:21:11.064 MET: TAC+: Closing TCP/IP 0x621DC9D4 connection to 212.37.0.171/49
> > > > > > Dec  4 11:21:11.064 MET: AAA/AUTHOR (3753599229): Post authorization status = PASS_ADD
> > > > > > "
> > > > >
> > > > > > New Format
> > > > > > "
> > > > > > Dec  4 11:19:42.357 MET: tty3 AAA/AUTHOR/CMD (2448089756): Port='tty3' list='' service=CMD
> > > > > > Dec  4 11:19:42.357 MET: AAA/AUTHOR/CMD: tty3 (2448089756) user='paddy'
> > > > > > Dec  4 11:19:42.357 MET: tty3 AAA/AUTHOR/CMD (2448089756): send AV service=shell
> > > > > > Dec  4 11:19:42.357 MET: tty3 AAA/AUTHOR/CMD (2448089756): send AV cmd=show
> > > > > > Dec  4 11:19:42.357 MET: tty3 AAA/AUTHOR/CMD (2448089756): send AV cmd-arg=running-config
> > > > > > Dec  4 11:19:42.357 MET: tty3 AAA/AUTHOR/CMD (2448089756): send AV cmd-arg=<cr>
> > > > > > Dec  4 11:19:42.357 MET: tty3 AAA/AUTHOR/CMD (2448089756): found list "default"
> > > > > > Dec  4 11:19:42.357 MET: tty3 AAA/AUTHOR/CMD (2448089756): Method=tacacs+ (tacacs+)
> > > > > > Dec  4 11:19:42.357 MET: AAA/AUTHOR/TAC+: (2448089756): user=paddy
> > > > > > Dec  4 11:19:42.357 MET: AAA/AUTHOR/TAC+: (2448089756): send AV service=shell
> > > > > > Dec  4 11:19:42.357 MET: AAA/AUTHOR/TAC+: (2448089756): send AV cmd=show
> > > > > > Dec  4 11:19:42.357 MET: AAA/AUTHOR/TAC+: (2448089756): send AV cmd-arg=running-config
> > > > > > Dec  4 11:19:42.357 MET: AAA/AUTHOR/TAC+: (2448089756): send AV cmd-arg=<cr>
> > > > > > Dec  4 11:19:42.357 MET: TAC+: using previously set server 212.37.0.171 from group tacacs+
> > > > > > Dec  4 11:19:42.357 MET: TAC+: Opening TCP/IP to 212.37.0.171/49 timeout=5
> > > > > > Dec  4 11:19:42.361 MET: TAC+: Opened TCP/IP handle 0x621E52B0 to 212.37.0.171/49 using source 212.37.9.27
> > > > > > Dec  4 11:19:42.361 MET: TAC+: Opened 212.37.0.171 index=1
> > > > > > Dec  4 11:19:42.361 MET: TAC+: periodic timer started
> > > > > > Dec  4 11:19:42.361 MET: TAC+: 212.37.0.171 req=6238E368 Qd id=2448089756 ver=192 handle=0x621E52B0 (ESTAB) expire=5 AUTHOR/START queued
> > > > > > Dec  4 11:19:42.361 MET: TAC+: 212.37.0.171 (2448089756) AUTHOR/START queued
> > > > > > Dec  4 11:19:42.461 MET: TAC+: 212.37.0.171 ESTAB id=2448089756 wrote 99 of 99 bytes
> > > > > > Dec  4 11:19:42.461 MET: TAC+: 212.37.0.171 req=6238E368 Qd id=2448089756 ver=192 handle=0x621E52B0 (ESTAB) expire=4 AUTHOR/START sent
> > > > > > Dec  4 11:19:42.561 MET: TAC+: 212.37.0.171 ESTAB read=12 wanted=12 alloc=12 got=12
> > > > > > Dec  4 11:19:42.561 MET: TAC+: 212.37.0.171 ESTAB read=30 wanted=30 alloc=30 got=18
> > > > > > Dec  4 11:19:42.561 MET: TAC+: 212.37.0.171 received 30 byte reply for 6238E368
> > > > > > Dec  4 11:19:42.561 MET: TAC+: req=6238E368 Tx id=2448089756 ver=192 handle=0x621E52B0 (ESTAB) expire=4 AUTHOR/START processed
> > > > > > Dec  4 11:19:42.561 MET: TAC+: (2448089756) AUTHOR/START processed
> > > > > > Dec  4 11:19:42.561 MET: TAC+: periodic timer stopped (queue empty)
> > > > > > Dec  4 11:19:42.561 MET: TAC+: (2448089756): received author response status = PASS_ADD
> > > > > > Dec  4 11:19:42.561 MET: TAC+: Closing TCP/IP 0x621E52B0 connection to 212.37.0.171/49
> > > > > > Dec  4 11:19:42.561 MET: AAA/AUTHOR (2448089756): Post authorization status = PASS_ADD
> > > > > > Dec  4 11:19:42.561 MET: AAA/AUTHOR/CMD Cannot replace commands
> > > > > > "
> > > > > >
> > > > > > Notice the last line ?
> > > > > > That seem to screw the whole thing up :(
> > > > > >
> > > > > > Yes, I know the timestamps between cisco and radiator debug differ.. one
> > > > > > can say that it has taken me awhile to get this far!
> > > > >
> > > > >
> > > > > Radiator Config
> > > > >
> > > > > Old Format
> > > > > "
> > > > > # Include local parameters
> > > > > Include /etc/radiator-test/radius.local.cfg
> > > > >
> > > > > <ServerTACACSPLUS>
> > > > >         # Include local tacacs parameters
> > > > >         Include /etc/radiator-test/radius.tacacs.local.cfg
> > > > >
> > > > >         #
> > > > >         AddToRequest NAS-Identifier=TACACS
> > > > >
> > > > >         # Groups
> > > > >         GroupMemberAttr RouterGroup
> > > > >         GroupCacheFile %D/tacacs-users.cache
> > > > >
> > > > > >         # Group: SecurityOfficer gives privilege level 15
> > > > >         GroupAuthAttr securityofficer priv-lvl=15
> > > > >         CommandAuth securityofficer permit .*
> > > > > </ServerTACACSPLUS>
> > > > >
> > > > > <Client DEFAULT>
> > > > >         Secret <<--snipped-->>
> > > > > </Client>
> > > > >
> > > > > > <Handler Calling-Station-Id = /(222.122.13.9|82.198.52.20|217.160.216.229|200.74.221.13|211.218.38.51|62.225.4.102|209.16.117.6|60.250.127.184)/>
> > > > >         AcctLogFileName %L/acct.denied
> > > > >         <AuthBy INTERNAL>
> > > > >                 DefaultResult   REJECT
> > > > >         </AuthBy>
> > > > > </Handler>
> > > > >
> > > > > <Handler NAS-Port-Id = /tty.*/, User-Name = testuser>
> > > > >         AcctLogFileName %L/acct.admin
> > > > >         <AuthBy DBFILE>
> > > > >                 Filename %D/tacacs-users
> > > > >                 StripFromReply RouterGroup
> > > > >                 AddToReply RouterGroup="securityofficer"
> > > > >                 AddToReplyIfNotExist cisco-avpair="priv-lvl=15"
> > > > >                 AddToReplyIfNotExist cisco-avpair="idletime=15"
> > > > >         </AuthBy>
> > > > > </Handler>
> > > > >
> > > > > <Handler NAS-Port-Id = /mgmt.*/, User-Name = testuser>
> > > > >         AcctLogFileName %L/acct.admin
> > > > >         <AuthBy DBFILE>
> > > > >                 Filename %D/tacacs-users
> > > > >                 StripFromReply RouterGroup
> > > > >                 AddToReply RouterGroup="securityofficer"
> > > > >                 AddToReplyIfNotExist cisco-avpair="priv-lvl=15"
> > > > >                 AddToReplyIfNotExist cisco-avpair="idletime=15"
> > > > >         </AuthBy>
> > > > > </Handler>
> > > > >
> > > > > <Handler>
> > > > >         AcctLogFileName %L/acct.user
> > > > >         <AuthBy DBFILE>
> > > > >                 Filename %D/tacacs-users
> > > > >                 AddToReplyIfNotExist cisco-avpair="idletime=15"
> > > > >         </AuthBy>
> > > > > </Handler>
> > > > > "
> > > > >
> > > > > New Format
> > > > > "
> > > > > # Include local parameters
> > > > > Include /etc/radiator-test/radius.local.cfg
> > > > >
> > > > > <ServerTACACSPLUS>
> > > > >         # Include local tacacs parameters
> > > > >         Include /etc/radiator-test/radius.tacacs.local.cfg
> > > > >
> > > > >         #
> > > > >         AddToRequest NAS-Identifier=TACACS
> > > > >
> > > > >         # Groups
> > > > >         GroupMemberAttr RouterGroup
> > > > >         GroupCacheFile %D/tacacs-users.cache
> > > > >
> > > > > >         # Group: SecurityOfficer gives privilege level 15
> > > > > >         AuthorizeGroup securityofficer permit service=junos_exec {local-user-name=admins}
> > > > > >         AuthorizeGroup securityofficer permit service=shell cmd\* {priv-lvl=15}
> > > > > >         AuthorizeGroup securityofficer permit .*
> > > > > </ServerTACACSPLUS>
> > > > >
> > > > > <Client DEFAULT>
> > > > >         Secret <<--snipped-->>
> > > > > </Client>
> > > > >
> > > > > > <Handler Calling-Station-Id = /(222.122.13.9|82.198.52.20|217.160.216.229|200.74.221.13|211.218.38.51|62.225.4.102|209.16.117.6|60.250.127.184)/>
> > > > >         AcctLogFileName %L/acct.denied
> > > > >         <AuthBy INTERNAL>
> > > > >                 DefaultResult   REJECT
> > > > >         </AuthBy>
> > > > > </Handler>
> > > > >
> > > > > <Handler User-Name = paddy>
> > > > >         AcctLogFileName %L/acct.admin
> > > > >
> > > > >         # Packet Trace
> > > > >         PacketTrace
> > > > >
> > > > >         # Explain reject
> > > > >         RejectHasReason
> > > > >
> > > > >         <Log FILE>
> > > > >                 Filename %L/paddy-log
> > > > >         </Log>
> > > > >
> > > > >         <AuthBy DBFILE>
> > > > >                 Filename %D/tacacs-users
> > > > >                 AddToReplyIfNotExist cisco-avpair="idletime=15"
> > > > >         </AuthBy>
> > > > > </Handler>
> > > > >
> > > > >
> > > > > <Handler>
> > > > >         AcctLogFileName %L/acct.user
> > > > >
> > > > >         # Explain reject
> > > > >         RejectHasReason
> > > > >
> > > > >         <AuthBy DBFILE>
> > > > >                 Filename %D/tacacs-users
> > > > >                 AddToReplyIfNotExist cisco-avpair="idletime=15"
> > > > >         </AuthBy>
> > > > > </Handler>
> > > > > "
> > > > >
> > > > > > The included configuration files only keep ports and that kind of
> > > > > > information, nothing that could affect this.
> > > > > >
> > > > > > I've tried looking through the ServerTACPLUS.pm but I can't really figure
> > > > > > what could be wrong.. quite busy at work too so haven't had much time to
> > > > > > spend on it :P
> > > > >
> > > > > Please help ?
> > > > >
> > > > > ---
> > > > > Regards,
> > > > > Patrik
> > > > >
> > > > >
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > > >
> > > > --
> > > > Mike McCauley                               mikem at open.com.au
> > > > Open System Consultants Pty. Ltd            Unix, Perl, Motif,
>
> C++,
>
> > > WWW
> > >
> > > > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> > > > http://www.open.com.au
> > > > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> > > >
> > > > Radiator: the most portable, flexible and configurable RADIUS
>
> server
>
> > > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
>
> Emerald,
>
> > > > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> > >
> > > TLS,
> > >
> > > > TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
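
The mismatch this thread isolates, a Radiator Authorization RESPONSE that carries attribute pairs in reply to a per-command request, can be checked for in a level 4 debug log. The Python below is an added example, not part of the original messages or of Radiator: the function names are hypothetical, the sample lines are constructed from the log excerpts quoted above (the last exchange is invented for contrast), and it assumes each RESPONSE line answers the nearest preceding REQUEST line.

```python
import re

# Line shapes follow the Radiator level 4 debug output quoted in this thread.
PREFIX = r"^(?P<ts>.+?): DEBUG: TacacsplusConnection Authorization "
REQ_RE = re.compile(PREFIX + r"REQUEST (?P<body>.*)$")
RESP_RE = re.compile(PREFIX + r"RESPONSE (?P<body>.*)$")
# A TACACS+ argument is a name, then '=' (mandatory) or '*' (optional), then a value.
ARG_RE = re.compile(r"^(?P<name>[^=*]+)[=*](?P<value>.*)$")

# Constructed sample: exchanges 1 and 2 are the thread's old/new format lines,
# unwrapped; exchange 3 (a shell start, empty cmd) is invented for contrast.
SAMPLE_LOG = """\
Tue Dec  4 17:25:11 2007: DEBUG: TacacsplusConnection Authorization REQUEST 6, 1, 1, 1, paddy, tty2, 83.145.30.2, 4, service=shell cmd=show cmd-arg=running-config cmd-arg=<cr>
Tue Dec  4 17:25:11 2007: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , ,
Tue Dec  4 17:26:08 2007: DEBUG: TacacsplusConnection Authorization REQUEST 6, 1, 1, 1, paddy, tty2, 83.145.30.2, 4, service=shell cmd=show cmd-arg=running-config cmd-arg=<cr>
Tue Dec  4 17:26:08 2007: DEBUG: AuthorizeGroup rule match found: permit .* {  }
Tue Dec  4 17:26:08 2007: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , , priv-lvl=15
Tue Dec  4 17:27:00 2007: DEBUG: TacacsplusConnection Authorization REQUEST 6, 1, 1, 1, paddy, tty2, 83.145.30.2, 4, service=shell cmd*
Tue Dec  4 17:27:00 2007: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , , priv-lvl=15
"""


def parse_request(body):
    """Return (user, {name: [values]}) for a REQUEST body, or None if malformed."""
    parts = body.split(", ", 8)  # eight header fields, then the argument list
    if len(parts) < 9:
        return None
    args = {}
    for token in parts[8].split():
        m = ARG_RE.match(token)
        if m:
            args.setdefault(m.group("name"), []).append(m.group("value"))
    return parts[4], args  # the user is the fifth field in the thread's lines


def response_attrs(body):
    """Return the attribute pairs that follow the status and two empty fields."""
    parts = body.split(",", 3)
    return parts[3].split() if len(parts) == 4 else []


def find_command_replies_with_attrs(log_text):
    """Flag replies to per-command requests (non-empty cmd) that add attributes."""
    findings, pending = [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = REQ_RE.match(line)
        if m:
            pending = parse_request(m.group("body"))
            continue
        m = RESP_RE.match(line)
        if m and pending:
            (user, args), pending = pending, None
            cmd = (args.get("cmd") or [""])[0]
            attrs = response_attrs(m.group("body"))
            if cmd and attrs:
                findings.append({"time": m.group("ts"), "user": user, "cmd": cmd,
                                 "cmd_args": args.get("cmd-arg", []), "attrs": attrs})
    return findings


if __name__ == "__main__":
    for f in find_command_replies_with_attrs(SAMPLE_LOG):
        print(f"{f['time']}: reply to '{f['cmd']}' for {f['user']} carries {f['attrs']}")
```

On the sample, only the 17:26:08 exchange is reported; on a busy server with interleaved connections the nearest-preceding pairing is an approximation.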
