(RADIATOR) Client Identifier and TACACS

Hugh Irvine hugh at open.com.au
Sun Feb 3 15:28:52 CST 2008 

Hello Markus -

See my other mail for a discussion regarding Client clauses and TACACS.

regards

Hugh


On 4 Feb 2008, at 02:14, Markus Moeller wrote:

> I also tried to use AddToRequest
>
> <Client 192.168.10.1>
>     TACACSPLUSkey test2
>     AddToRequest Device-Location=Location1
> </Client>
>
> <Handler Device-Location=Location1>
> .
> .
>
> without success. (BTW do I need to add Device-Location to the  
> dictionary file ?  I didn't see an error in debug mode when I  
> didn't add Device-Location to the dictionary)
>
> Thank you
> Markus
>
> ----- Original Message -----
> From: Markus Moeller
> To: radiator at open.com.au
> Sent: Sunday, February 03, 2008 2:26 PM
> Subject: (RADIATOR) Client Identifier and TACACS
>
> I have the following configuration :
>
> .
> <ServerTACACSPLUS>
> .
> .
> </ServerTACACSPLUS>
> .
> <Client 192.168.1.1>
>     TACACSPLUSkey test
>     Identifier Location1
> </Client>
> <Client 192.168.10.1>
>     TACACSPLUSkey test2
>     Identifier Location1
> </Client>
> ...
>
> <Handler Client-Identifier=Location1>
> .
>   AuthBy Server1
> .
> </Handler>
>
> <Handler>
> .
>  AuthBy GlobalServer
> .
> </Handler>
>
>
> but I see on the debug that always the Handler with GlobalServer is  
> selected not the one with Client-identifier. Can I use the  
> Identifier only with Radius not with TACACS+  ?
>
> Sun Feb  3 14:16:28 2008: DEBUG: TACACSPLUS derived Radius request  
> packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <229><11>kl<238><235><230>^<217>?<228>3l<253><243><128>
> Attributes:
>         NAS-IP-Address = 192.168.1.1
>         NAS-Port-Id = "tty18"
>         Calling-Station-Id = "192.168.20.1"
>         Service-Type = Login-User
>         Request-Protocol = TACACS+
>         User-Name = "fred"
>         User-Password = test
>
> Sun Feb  3 14:16:28 2008: DEBUG: Handling request with Handler ''
>
> Is there a way to debug more ?
>
> Thank you
> Markus



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list