[RADIATOR] BUG in ServerTACACSPLUS.pm - not processing client related attributes
Ranko Zivojnovic
Ranko.Zivojnovic at spidernet.com
Mon Apr 6 01:23:10 CDT 2009
Hello Hugh,
Below is a test configuration and logfiles (some things obfuscated).
Logfile1 shows the output of the stock 4.4 Radiator - you will note the
message "WARNING: TacacsplusConnection could not find a Handler".
Testing showed that $self->{peeraddr} in
ServerTACACSPLUS.pm:dispatch_radius_request() is a text format IP address
and in order for &Radius::Client::findAddress() to actually find the client
it must be first converted with inet_pton().
The simple patch I've sent in my previous message fixes this issue for me -
but the problem could originate elsewhere.
Logfile2 shows correct operation with the patch applied.
If you need any other info - please let me know.
Best regards,
Ranko
---cut:test.cfg---
LogDir /var/log/radius
DbDir /etc/radiator
Trace 4
BindAddress 10.11.12.13
AuthPort 1645,1812
AcctPort 1646,1813
<ClientListLDAP>
    include %D/ldap.cfg
    BaseDN ou=Hosts, dc=example, dc=net
    RefreshPeriod 1800
</ClientListLDAP>
<Handler HostType=TypeA>
    #*snip*
</Handler>
<Handler HostType=TypeB>
    #*snip*
</Handler>
<Handler HostType=TypeC>
    #*snip*
</Handler>
<Handler HostType=CiscoRouter>
    AcctLogFileName %L/Cisco.log
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileReject
        <AuthBy GROUP>
            AuthByPolicy ContinueWhileAccept
            <AuthBy LDAP2>
                include %D/ldap.cfg
                BaseDN ou=groups, dc=example, dc=net
                UsernameAttr memberUid
                SearchFilter (&(cn=cisco-admins)(%0=%1))
                NoCheckPassword
            </AuthBy>
            <AuthBy LDAP2>
                include %D/ldap.cfg
                BaseDN ou=users, dc=example, dc=net
                AddToReply Service-Type = Administrative-User, Idle-Timeout = 900, tacacsgroup=admins
                AuthAttrDef host,NAS-Identifier,check
                EncryptedPasswordAttr userPassword
            </AuthBy>
        </AuthBy>
        <AuthBy GROUP>
            AuthByPolicy ContinueWhileAccept
            <AuthBy LDAP2>
                include %D/ldap.cfg
                BaseDN ou=groups, dc=example, dc=net
                UsernameAttr memberUid
                SearchFilter (&(cn=cisco-users)(%0=%1))
                NoCheckPassword
            </AuthBy>
            <AuthBy LDAP2>
                include %D/ldap.cfg
                BaseDN ou=users, dc=example, dc=net
                AddToReply Service-Type = Login-User, Idle-Timeout = 900, tacacsgroup=versiononly
                AuthAttrDef host,NAS-Identifier,check
                EncryptedPasswordAttr userPassword
            </AuthBy>
        </AuthBy>
    </AuthBy>
</Handler>
<ServerTACACSPLUS>
    BindAddress 10.11.12.13
    GroupMemberAttr tacacsgroup
    AuthorizeGroup versiononly permit service=shell cmd=show cmd-arg=version
    AuthorizeGroup versiononly permit service=shell cmd\* {idletime=15 priv-lvl=1}
    AuthorizeGroup versiononly deny .*
    AuthorizeGroup admins permit service=shell cmd\* {idletime=15 priv-lvl=15}
    AuthorizeGroup admins permit .*
</ServerTACACSPLUS>
---cut:test.cfg---
---cut:logfile1---
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: INFO: Connecting to 127.0.0.1:636
Mon Apr 6 08:02:48 2009: INFO: Attempting to bind to LDAP server
127.0.0.1:636
Mon Apr 6 08:02:48 2009: DEBUG: Adding Clients from LDAP database
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP SearchFilter:
(objectclass=oscRadiusClient), BaseDN: ou=Hosts, dc=example, dc=net, attrs:
oscRadiusAddToRequest oscRadiusIgnoreAcctSignature oscRadiusSNMPCommunity
oscRadiusSecret oscRadiusDefaultReply oscRadiusFramedGroup
oscRadiusUseOldAscendPasswords oscRadiusStripfromRequest
oscRadiusDupInterval oscRadiusAddToRequestIfNotExist oscRadiusPacketTrace
oscRadiusDynamicReply oscRadiusLivingstonHole
oscRadiusFramedGroupBaseAddress oscRadiusFramedGroupPortOffset
oscRadiusRewriteUsername oscRadiusStripFromReply oscRadiusPreHandlerHook
oscRadiusNoIgnoreDuplicates oscRadiusNasType oscRadiusIdenticalClients
oscRadiusAddToReply oscRadiusAddToReplyIfNotExist oscRadiusLivingstonOffs
oscRadiusStatusServerShowClientDetails oscRadiusAllowInReply
oscRadiusClientName oscRadiusFramedGroupMaxPortsPerClassC
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got result for
cn=router1,ou=Hosts,dc=example, dc=net
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusAddToRequest:
HostType=CiscoRouter
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusSecret: XXXXXX
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusClientName:
router1.example.net
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got result for
cn=router2,ou=Hosts,dc=example, dc=net
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusAddToRequest:
HostType=CiscoRouter
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusSecret: XXXXXX
Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusClientName:
router2.example.net
*snip*
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:02:48 2009: DEBUG: Creating TACACSPLUS port 10.11.12.13:49
Mon Apr 6 08:02:48 2009: DEBUG: Finished reading configuration file
'/etc/radiator/test.cfg'
Mon Apr 6 08:02:48 2009: DEBUG: Reading dictionary file
'/etc/radiator/dictionary'
Mon Apr 6 08:02:49 2009: DEBUG: Creating authentication port
10.11.12.13:1645
Mon Apr 6 08:02:49 2009: DEBUG: Creating authentication port
10.11.12.13:1812
Mon Apr 6 08:02:49 2009: DEBUG: Creating accounting port 10.11.12.13:1646
Mon Apr 6 08:02:49 2009: DEBUG: Creating accounting port 10.11.12.13:1813
Mon Apr 6 08:02:49 2009: NOTICE: Server started: Radiator 4.4 on
radius.example.net
Mon Apr 6 08:03:24 2009: DEBUG: New TacacsplusConnection created for
10.11.12.1:54948
Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection request 192, 1, 1, 0,
2730182230, 32
Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication START
1, 1, 1 for ranko, tty2, 10.11.12.13
Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication REPLY
5, 1, Password: ,
Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection request 192, 1, 3, 0,
2730182230, 13
Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication
CONTINUE 0, XXXXXX,
Mon Apr 6 08:03:24 2009: DEBUG: TACACSPLUS derived Radius request packet
dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <231><219>/Q<255>{o<133><160>SK<20>BZ<146><10>
Attributes:
NAS-IP-Address = 10.11.12.1
NAS-Port-Id = "tty2"
Calling-Station-Id = "10.11.12.13"
Service-Type = Login-User
User-Name = "ranko"
User-Password = XXXXXX
OSC-Version-Identifier = "192"
Mon Apr 6 08:03:24 2009: WARNING: TacacsplusConnection could not find a
Handler
Mon Apr 6 08:03:29 2009: DEBUG: TacacsplusConnection disconnected from
10.11.12.1:54948
Mon Apr 6 08:05:48 2009: NOTICE: SIGTERM received: stopping
---cut:logfile1---
---cut:logfile2---
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: INFO: Connecting to 127.0.0.1:636
Mon Apr 6 08:38:20 2009: INFO: Attempting to bind to LDAP server
127.0.0.1:636
Mon Apr 6 08:38:20 2009: DEBUG: Adding Clients from LDAP database
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP SearchFilter:
(objectclass=oscRadiusClient), BaseDN: ou=Hosts, dc=example, dc=net, attrs:
oscRadiusAddToRequest oscRadiusIgnoreAcctSignature oscRadiusSNMPCommunity
oscRadiusSecret oscRadiusDefaultReply oscRadiusFramedGroup
oscRadiusUseOldAscendPasswords oscRadiusStripfromRequest
oscRadiusDupInterval oscRadiusAddToRequestIfNotExist oscRadiusPacketTrace
oscRadiusDynamicReply oscRadiusLivingstonHole
oscRadiusFramedGroupBaseAddress oscRadiusFramedGroupPortOffset
oscRadiusRewriteUsername oscRadiusStripFromReply oscRadiusPreHandlerHook
oscRadiusNoIgnoreDuplicates oscRadiusNasType oscRadiusIdenticalClients
oscRadiusAddToReply oscRadiusAddToReplyIfNotExist oscRadiusLivingstonOffs
oscRadiusStatusServerShowClientDetails oscRadiusAllowInReply
oscRadiusClientName oscRadiusFramedGroupMaxPortsPerClassC
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got result for
cn=router1,ou=Hosts,dc=example, dc=net
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusAddToRequest:
HostType=CiscoRouter
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusSecret: XXXXXX
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusClientName:
router1.example.net
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got result for
cn=router2,ou=Hosts,dc=example, dc=net
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusAddToRequest:
HostType=CiscoRouter
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusSecret: XXXXXX
Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusClientName:
router2.example.net
*snip*
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr 6 08:38:20 2009: DEBUG: Creating TACACSPLUS port 10.11.12.13:49
Mon Apr 6 08:38:20 2009: DEBUG: Finished reading configuration file
'/etc/radiator/test.cfg'
Mon Apr 6 08:38:20 2009: DEBUG: Reading dictionary file
'/etc/radiator/dictionary'
Mon Apr 6 08:38:20 2009: DEBUG: Creating authentication port
10.11.12.13:1645
Mon Apr 6 08:38:20 2009: DEBUG: Creating authentication port
10.11.12.13:1812
Mon Apr 6 08:38:20 2009: DEBUG: Creating accounting port 10.11.12.13:1646
Mon Apr 6 08:38:20 2009: DEBUG: Creating accounting port 10.11.12.13:1813
Mon Apr 6 08:38:20 2009: NOTICE: Server started: Radiator 4.4 on
radius.example.net
Mon Apr 6 08:38:28 2009: DEBUG: New TacacsplusConnection created for
10.12.13.1:51609
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection request 192, 1, 1, 0,
2939512271, 32
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication START
1, 1, 1 for ranko, tty2, 10.11.12.13
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication REPLY
5, 1, Password: ,
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection request 192, 1, 3, 0,
2939512271, 13
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication
CONTINUE 0, XXXXXX,
Mon Apr 6 08:38:28 2009: DEBUG: TACACSPLUS derived Radius request packet
dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <221><132>#<211><245><172><30>c7%<232><148><133><22>1<250>
Attributes:
NAS-IP-Address = 10.12.13.1
NAS-Port-Id = "tty2"
Calling-Station-Id = "10.11.12.13"
Service-Type = Login-User
User-Name = "ranko"
User-Password = XXXXXX
OSC-Version-Identifier = "192"
HostType = CiscoRouter
Mon Apr 6 08:38:28 2009: DEBUG: Handling request with Handler
'HostType=CiscoRouter'
Mon Apr 6 08:38:28 2009: DEBUG: Deleting session for ranko, 10.12.13.1,
Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP:
Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP:
Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2:
Mon Apr 6 08:38:28 2009: INFO: Connecting to 127.0.0.1:636
Mon Apr 6 08:38:28 2009: INFO: Attempting to bind to LDAP server
127.0.0.1:636
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got result for
cn=cisco-admins,ou=groups,dc=example, dc=net
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got objectClass: posixGroup top
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got cn: cisco-admins
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got memberUid: ranko user1
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got gidNumber: 173123
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got creatorsName:
uid=ranko,ou=users,dc=example,dc=net
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got modifiersName:
uid=ranko,ou=users,dc=example,dc=net
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got createTimestamp: 20080902165300Z
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got modifyTimestamp: 20080903162147Z
Mon Apr 6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 looks for match with
ranko [ranko]
Mon Apr 6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 ACCEPT: : ranko [ranko]
Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2:
Mon Apr 6 08:38:28 2009: INFO: Connecting to 127.0.0.1:636
Mon Apr 6 08:38:28 2009: INFO: Attempting to bind to LDAP server
127.0.0.1:636
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got result for
uid=ranko,ou=users,dc=example, dc=net
Mon Apr 6 08:38:28 2009: DEBUG: LDAP got userPassword: XXXXXX
Mon Apr 6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 looks for match with
ranko [ranko]
Mon Apr 6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 ACCEPT: : ranko [ranko]
Mon Apr 6 08:38:28 2009: DEBUG: AuthBy GROUP result: ACCEPT,
Mon Apr 6 08:38:28 2009: DEBUG: Access accepted for ranko
Mon Apr 6 08:38:28 2009: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code: Access-Accept
Identifier: UNDEF
Authentic: <221><132>#<211><245><172><30>c7%<232><148><133><22>1<250>
Attributes:
Service-Type = Administrative-User
Idle-Timeout = 900
tacacsgroup = admins
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection result Access-Accept
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication REPLY
1, 0, ,
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection disconnected from
10.12.13.1:51609
Mon Apr 6 08:38:28 2009: DEBUG: New TacacsplusConnection created for
10.12.13.1:47596
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection request 192, 2, 1, 0,
4145764549, 51
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authorization REQUEST
6, 1, 1, 1, ranko, tty2, 10.11.12.13, 2, service=shell cmd*
Mon Apr 6 08:38:28 2009: DEBUG: AuthorizeGroup rule match found: permit
service=shell cmd\* { idletime=15 priv-lvl=15 }
Mon Apr 6 08:38:28 2009: INFO: Authorization permitted for ranko, group
admins, args service=shell cmd*
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authorization RESPONSE
1, , , idletime=15 priv-lvl=15
Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection disconnected from
10.12.13.1:47596
Mon Apr 6 08:38:28 2009: DEBUG: Packet dump:
*** Received from 10.12.13.1 port 1646 ....
Code: Accounting-Request
Identifier: 249
Authentic: <233>%<236>vd<184>Z<207><209><234>ls<154>b%!
Attributes:
Acct-Session-Id = "0000009B"
User-Name = "ranko"
Acct-Authentic = Remote
Acct-Status-Type = Start
NAS-Port = 2
NAS-Port-Id = "tty2"
NAS-Port-Type = Virtual
Service-Type = NAS-Prompt-User
NAS-IP-Address = 10.12.13.1
Acct-Delay-Time = 0
Mon Apr 6 08:38:28 2009: DEBUG: Handling request with Handler
'HostType=CiscoRouter'
Mon Apr 6 08:38:28 2009: DEBUG: Adding session for ranko, 10.12.13.1, 2
Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP:
Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP:
Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2:
Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2:
Mon Apr 6 08:38:28 2009: DEBUG: AuthBy GROUP result: ACCEPT,
Mon Apr 6 08:38:28 2009: DEBUG: Accounting accepted
Mon Apr 6 08:38:28 2009: DEBUG: Packet dump:
*** Sending to 10.12.13.1 port 1646 ....
Code: Accounting-Response
Identifier: 249
Authentic: <251>|<201>iK<225><163>A-$<140><155><223><140><213><27>
Attributes:
Mon Apr 6 08:38:32 2009: DEBUG: New TacacsplusConnection created for
10.12.13.1:18152
Mon Apr 6 08:38:32 2009: DEBUG: TacacsplusConnection request 192, 2, 1, 0,
2167032874, 84
Mon Apr 6 08:38:32 2009: DEBUG: TacacsplusConnection Authorization REQUEST
1, 1, 1, 0, ranko, tty2, 10.11.12.13, 4, service=shell cmd=show
cmd-arg=version cmd-arg=<cr>
Mon Apr 6 08:38:32 2009: DEBUG: AuthorizeGroup rule match found: permit .*
{ }
Mon Apr 6 08:38:32 2009: INFO: Authorization permitted for ranko, group
admins, args service=shell cmd=show cmd-arg=version cmd-arg=<cr>
Mon Apr 6 08:38:32 2009: DEBUG: TacacsplusConnection Authorization RESPONSE
1, , ,
Mon Apr 6 08:38:32 2009: DEBUG: TacacsplusConnection disconnected from
10.12.13.1:18152
Mon Apr 6 08:38:56 2009: NOTICE: SIGTERM received: stopping
---cut:logfile2---
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: 06 April 2009 06:02
To: Ranko Zivojnovic
Cc: 'radiator at open.com.au'
Subject: Re: [RADIATOR] BUG in ServerTACACSPLUS.pm - not processing client
related attributes
Hello Ranko -
Our testing here shows correct operation with Radiator 4.4.
Can you please send us a copy of your configuration file and a trace 4
debug showing what is happening?
thanks and regards
Hugh
On 6 Apr 2009, at 00:54, Ranko Zivojnovic wrote:
> Greetings,
>
> Radiator is not processing attributes associated with the client in
> ServerTACACSPLUS.pm (like AddToRequest and similar) due to the
> following bug:
>
> ---cut---
> --- a/Radius/ServerTACACSPLUS.pm 2009-03-10 23:59:01.000000000 +0200
> +++ b/Radius/ServerTACACSPLUS.pm 2009-04-05 17:23:15.000000000 +0300
> @@ -554,7 +554,7 @@
> }
>
> # Use Client settings to manipulate Request/Reply
> - my $client = &Radius::Client::findAddress($self->{peeraddr});
> + my $client =
> &Radius::Client::findAddress(Radius::Util::inet_pton($self-
> >{peeraddr}));
>
> $tp->rewriteUsername($client->{RewriteUsername})
> if defined $client->{RewriteUsername};
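Review bot: on the added `my $client =` line, the result of Radius::Util::inet_pton($self->{peeraddr}) is passed straight to findAddress with no check that the conversion succeeded, and the context lines that follow read $client->{RewriteUsername} with no visible test that a client was actually found. Consider doing the conversion in its own statement, logging and skipping the client-settings step when either the conversion or the lookup returns nothing, and extending the "Use Client settings" comment to say that findAddress expects the packed form of the address.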
> ---cut---
>
> Best regards,
>
> Ranko
>
> --
> Ranko Zivojnovic
> IT Director/CTO
>
> SpiderNet Services Public Ltd.
> Nicosia, Cyprus
> Tel: +357 22 844844
> FAX: +357 22 844777
> E-Mail: ranko at spidernet.net
> Web: www.spidernet.net
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5209 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20090406/a5f53c2f/attachment-0001.bin>
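
The mismatch diagnosed in the message above, as an added Perl sketch that is not part of the original post or of Radiator's code: a table keyed by packed addresses misses when queried with the text form of the same address. The `%clients` table and the `pack_addr`, `add_client` and `find_client` helpers are hypothetical stand-ins, and keying the client list by packed address is an assumption taken from the post's diagnosis.

```perl
#!/usr/bin/perl
# Added illustration only; not Radiator source.
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Hypothetical client table: key is the packed (binary) address.
my %clients;

# Text address -> packed form; returns undef for anything unparseable.
sub pack_addr {
    my ($text) = @_;
    return undef unless defined $text && length $text;
    return inet_pton(AF_INET, $text) // inet_pton(AF_INET6, $text);
}

# Register a client under its packed address (assumed storage format).
sub add_client {
    my ($text, %settings) = @_;
    my $key = pack_addr($text) // die "bad client address '$text'\n";
    $clients{$key} = { Name => $text, %settings };
    return $clients{$key};
}

# Look a client up by key; an undefined key is always a miss.
sub find_client {
    my ($key) = @_;
    return undef unless defined $key;
    return $clients{$key};
}

# Values below are taken from the config and log in the post.
add_client('10.11.12.1', AddToRequest => 'HostType=CiscoRouter');

my $peeraddr = '10.11.12.1';    # text form, as reported for $self->{peeraddr}

my @cases = (
    [ 'text form (stock behaviour)', $peeraddr ],
    [ 'packed form (patched)',       pack_addr($peeraddr) ],
    [ 'malformed peer address',      pack_addr('10.11.12.') ],   # constructed
);

for my $case (@cases) {
    my ($label, $key) = @$case;
    my $client = find_client($key);
    if ($client) {
        # Client settings such as AddToRequest can now be applied,
        # which is what lets a Handler keyed on HostType match.
        printf "%-30s found, AddToRequest: %s\n", $label, $client->{AddToRequest};
    }
    else {
        # Without the client, HostType is never added to the request and
        # no "<Handler HostType=...>" clause can select it.
        printf "%-30s no client matched\n", $label;
    }
}
```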