[RADIATOR] BUG in ServerTACACSPLUS.pm - not processing client related attributes

Ranko Zivojnovic Ranko.Zivojnovic at spidernet.com
Mon Apr 6 01:23:10 CDT 2009


Hello Hugh,

Below is a test configuration and logfiles (some things obfuscated).

Logfile1 shows the output of the stock 4.4 Radiator - you will note the
message "WARNING: TacacsplusConnection could not find a Handler".

Testing showed that $self->{peeraddr} in
ServerTACACSPLUS.pm:dispatch_radius_request() is a text format IP address
and in order for &Radius::Client::findAddress() to actually find the client
it must be first converted with inet_pton().

The simple patch I've sent in my previous message fixes this issue for me -
but the problem could originate elsewhere.

Logfile2 shows correct operation with the patch applied.

If you need any other info - please let me know.

Best regards,

Ranko

---cut:test.cfg---
LogDir          /var/log/radius
DbDir           /etc/radiator
Trace           4
BindAddress 10.11.12.13
AuthPort 1645,1812
AcctPort 1646,1813

<ClientListLDAP>
        include %D/ldap.cfg
        BaseDN ou=Hosts, dc=example, dc=net
        RefreshPeriod 1800
</ClientListLDAP>

<Handler HostType=TypeA>
#*snip*
</Handler>

<Handler HostType=TypeB>
#*snip*
</Handler>

<Handler HostType=TypeC>
#*snip*
</Handler>

<Handler HostType=CiscoRouter>
        AcctLogFileName %L/Cisco.log
        <AuthBy GROUP>
                AuthByPolicy ContinueWhileReject
                <AuthBy GROUP>
                        AuthByPolicy ContinueWhileAccept
                        <AuthBy LDAP2>
                                include %D/ldap.cfg
                                BaseDN ou=groups, dc=example, dc=net
                                UsernameAttr memberUid
                                SearchFilter (&(cn=cisco-admins)(%0=%1))
                                NoCheckPassword
                        </AuthBy>
                        <AuthBy LDAP2>
                                include %D/ldap.cfg
                                BaseDN ou=users, dc=example, dc=net
                                AddToReply Service-Type = Administrative-User, Idle-Timeout = 900, tacacsgroup=admins
                                AuthAttrDef host,NAS-Identifier,check
                                EncryptedPasswordAttr userPassword
                        </AuthBy>
                </AuthBy>       
                <AuthBy GROUP>
                        AuthByPolicy ContinueWhileAccept
                        <AuthBy LDAP2>
                                include %D/ldap.cfg
                                BaseDN ou=groups, dc=example, dc=net
                                UsernameAttr memberUid
                                SearchFilter (&(cn=cisco-users)(%0=%1))
                                NoCheckPassword
                        </AuthBy>
                        <AuthBy LDAP2>
                                include %D/ldap.cfg
                                BaseDN ou=users, dc=example, dc=net
                                AddToReply Service-Type = Login-User, Idle-Timeout = 900, tacacsgroup=versiononly
                                AuthAttrDef host,NAS-Identifier,check
                                EncryptedPasswordAttr userPassword
                        </AuthBy>
                </AuthBy>       
        </AuthBy>       
</Handler>      
                
<ServerTACACSPLUS>      
        BindAddress 10.11.12.13
        GroupMemberAttr tacacsgroup
        AuthorizeGroup versiononly permit service=shell cmd=show cmd-arg=version
        AuthorizeGroup versiononly permit service=shell cmd\* {idletime=15 priv-lvl=1}
        AuthorizeGroup versiononly deny .*
        AuthorizeGroup admins permit service=shell cmd\* {idletime=15 priv-lvl=15}
        AuthorizeGroup admins permit .* 
</ServerTACACSPLUS>
---cut:test.cfg---

---cut:logfile1---
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: INFO: Connecting to 127.0.0.1:636
Mon Apr  6 08:02:48 2009: INFO: Attempting to bind to LDAP server
127.0.0.1:636
Mon Apr  6 08:02:48 2009: DEBUG: Adding Clients from LDAP database
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP SearchFilter:
(objectclass=oscRadiusClient), BaseDN: ou=Hosts, dc=example, dc=net, attrs:
oscRadiusAddToRequest oscRadiusIgnoreAcctSignature oscRadiusSNMPCommunity
oscRadiusSecret oscRadiusDefaultReply oscRadiusFramedGroup
oscRadiusUseOldAscendPasswords oscRadiusStripfromRequest
oscRadiusDupInterval oscRadiusAddToRequestIfNotExist oscRadiusPacketTrace
oscRadiusDynamicReply oscRadiusLivingstonHole
oscRadiusFramedGroupBaseAddress oscRadiusFramedGroupPortOffset
oscRadiusRewriteUsername oscRadiusStripFromReply oscRadiusPreHandlerHook
oscRadiusNoIgnoreDuplicates oscRadiusNasType oscRadiusIdenticalClients
oscRadiusAddToReply oscRadiusAddToReplyIfNotExist oscRadiusLivingstonOffs
oscRadiusStatusServerShowClientDetails oscRadiusAllowInReply
oscRadiusClientName oscRadiusFramedGroupMaxPortsPerClassC
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP got result for
cn=router1,ou=Hosts,dc=example, dc=net
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusAddToRequest:
HostType=CiscoRouter
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusSecret: XXXXXX
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusClientName:
router1.example.net
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP got result for
cn=router2,ou=Hosts,dc=example, dc=net
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusAddToRequest:
HostType=CiscoRouter
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusSecret: XXXXXX
Mon Apr  6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusClientName:
router2.example.net
*snip*
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:02:48 2009: DEBUG: Creating TACACSPLUS port 10.11.12.13:49
Mon Apr  6 08:02:48 2009: DEBUG: Finished reading configuration file
'/etc/radiator/test.cfg'
Mon Apr  6 08:02:48 2009: DEBUG: Reading dictionary file
'/etc/radiator/dictionary'
Mon Apr  6 08:02:49 2009: DEBUG: Creating authentication port
10.11.12.13:1645
Mon Apr  6 08:02:49 2009: DEBUG: Creating authentication port
10.11.12.13:1812
Mon Apr  6 08:02:49 2009: DEBUG: Creating accounting port 10.11.12.13:1646
Mon Apr  6 08:02:49 2009: DEBUG: Creating accounting port 10.11.12.13:1813
Mon Apr  6 08:02:49 2009: NOTICE: Server started: Radiator 4.4 on
radius.example.net
Mon Apr  6 08:03:24 2009: DEBUG: New TacacsplusConnection created for
10.11.12.1:54948
Mon Apr  6 08:03:24 2009: DEBUG: TacacsplusConnection request 192, 1, 1, 0,
2730182230, 32
Mon Apr  6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication START
1, 1, 1 for ranko, tty2, 10.11.12.13
Mon Apr  6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication REPLY
5, 1, Password: ,  
Mon Apr  6 08:03:24 2009: DEBUG: TacacsplusConnection request 192, 1, 3, 0,
2730182230, 13
Mon Apr  6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication
CONTINUE 0, XXXXXX, 
Mon Apr  6 08:03:24 2009: DEBUG: TACACSPLUS derived Radius request packet
dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <231><219>/Q<255>{o<133><160>SK<20>BZ<146><10>
Attributes:
        NAS-IP-Address = 10.11.12.1
        NAS-Port-Id = "tty2"
        Calling-Station-Id = "10.11.12.13"
        Service-Type = Login-User
        User-Name = "ranko"
        User-Password = XXXXXX
        OSC-Version-Identifier = "192"

Mon Apr  6 08:03:24 2009: WARNING: TacacsplusConnection could not find a
Handler
Mon Apr  6 08:03:29 2009: DEBUG: TacacsplusConnection disconnected from
10.11.12.1:54948
Mon Apr  6 08:05:48 2009: NOTICE: SIGTERM received: stopping
---cut:logfile1---

---cut:logfile2---
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: INFO: Connecting to 127.0.0.1:636
Mon Apr  6 08:38:20 2009: INFO: Attempting to bind to LDAP server
127.0.0.1:636
Mon Apr  6 08:38:20 2009: DEBUG: Adding Clients from LDAP database
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP SearchFilter:
(objectclass=oscRadiusClient), BaseDN: ou=Hosts, dc=example, dc=net, attrs:
oscRadiusAddToRequest oscRadiusIgnoreAcctSignature oscRadiusSNMPCommunity
oscRadiusSecret oscRadiusDefaultReply oscRadiusFramedGroup
oscRadiusUseOldAscendPasswords oscRadiusStripfromRequest
oscRadiusDupInterval oscRadiusAddToRequestIfNotExist oscRadiusPacketTrace
oscRadiusDynamicReply oscRadiusLivingstonHole
oscRadiusFramedGroupBaseAddress oscRadiusFramedGroupPortOffset
oscRadiusRewriteUsername oscRadiusStripFromReply oscRadiusPreHandlerHook
oscRadiusNoIgnoreDuplicates oscRadiusNasType oscRadiusIdenticalClients
oscRadiusAddToReply oscRadiusAddToReplyIfNotExist oscRadiusLivingstonOffs
oscRadiusStatusServerShowClientDetails oscRadiusAllowInReply
oscRadiusClientName oscRadiusFramedGroupMaxPortsPerClassC
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP got result for
cn=router1,ou=Hosts,dc=example, dc=net
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusAddToRequest:
HostType=CiscoRouter
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusSecret: XXXXXX
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusClientName:
router1.example.net
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP got result for
cn=router2,ou=Hosts,dc=example, dc=net
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusAddToRequest:
HostType=CiscoRouter
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusSecret: XXXXXX
Mon Apr  6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusClientName:
router2.example.net
*snip*
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
Mon Apr  6 08:38:20 2009: DEBUG: Creating TACACSPLUS port 10.11.12.13:49
Mon Apr  6 08:38:20 2009: DEBUG: Finished reading configuration file
'/etc/radiator/test.cfg'
Mon Apr  6 08:38:20 2009: DEBUG: Reading dictionary file
'/etc/radiator/dictionary'
Mon Apr  6 08:38:20 2009: DEBUG: Creating authentication port
10.11.12.13:1645
Mon Apr  6 08:38:20 2009: DEBUG: Creating authentication port
10.11.12.13:1812
Mon Apr  6 08:38:20 2009: DEBUG: Creating accounting port 10.11.12.13:1646
Mon Apr  6 08:38:20 2009: DEBUG: Creating accounting port 10.11.12.13:1813
Mon Apr  6 08:38:20 2009: NOTICE: Server started: Radiator 4.4 on
radius.example.net
Mon Apr  6 08:38:28 2009: DEBUG: New TacacsplusConnection created for
10.12.13.1:51609
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection request 192, 1, 1, 0,
2939512271, 32
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication START
1, 1, 1 for ranko, tty2, 10.11.12.13
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication REPLY
5, 1, Password: ,  
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection request 192, 1, 3, 0,
2939512271, 13
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication
CONTINUE 0, XXXXXX, 
Mon Apr  6 08:38:28 2009: DEBUG: TACACSPLUS derived Radius request packet
dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <221><132>#<211><245><172><30>c7%<232><148><133><22>1<250>
Attributes:
        NAS-IP-Address = 10.12.13.1
        NAS-Port-Id = "tty2"
        Calling-Station-Id = "10.11.12.13"
        Service-Type = Login-User
        User-Name = "ranko"
        User-Password = XXXXXX
        OSC-Version-Identifier = "192"
        HostType = CiscoRouter

Mon Apr  6 08:38:28 2009: DEBUG: Handling request with Handler
'HostType=CiscoRouter'
Mon Apr  6 08:38:28 2009: DEBUG:  Deleting session for ranko, 10.12.13.1, 
Mon Apr  6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP: 
Mon Apr  6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP: 
Mon Apr  6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2: 
Mon Apr  6 08:38:28 2009: INFO: Connecting to 127.0.0.1:636
Mon Apr  6 08:38:28 2009: INFO: Attempting to bind to LDAP server
127.0.0.1:636
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got result for
cn=cisco-admins,ou=groups,dc=example, dc=net
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got objectClass: posixGroup top
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got cn: cisco-admins
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got memberUid: ranko user1
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got gidNumber: 173123
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got creatorsName:
uid=ranko,ou=users,dc=example,dc=net
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got modifiersName:
uid=ranko,ou=users,dc=example,dc=net
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got createTimestamp: 20080902165300Z
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got modifyTimestamp: 20080903162147Z
Mon Apr  6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 looks for match with
ranko [ranko]
Mon Apr  6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 ACCEPT: : ranko [ranko]
Mon Apr  6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2: 
Mon Apr  6 08:38:28 2009: INFO: Connecting to 127.0.0.1:636
Mon Apr  6 08:38:28 2009: INFO: Attempting to bind to LDAP server
127.0.0.1:636
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got result for
uid=ranko,ou=users,dc=example, dc=net
Mon Apr  6 08:38:28 2009: DEBUG: LDAP got userPassword: XXXXXX
Mon Apr  6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 looks for match with
ranko [ranko]
Mon Apr  6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 ACCEPT: : ranko [ranko]
Mon Apr  6 08:38:28 2009: DEBUG: AuthBy GROUP result: ACCEPT, 
Mon Apr  6 08:38:28 2009: DEBUG: Access accepted for ranko
Mon Apr  6 08:38:28 2009: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Access-Accept
Identifier: UNDEF
Authentic:  <221><132>#<211><245><172><30>c7%<232><148><133><22>1<250>
Attributes:
        Service-Type = Administrative-User
        Idle-Timeout = 900
        tacacsgroup = admins

Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection result Access-Accept
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication REPLY
1, 0, ,  
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection disconnected from
10.12.13.1:51609
Mon Apr  6 08:38:28 2009: DEBUG: New TacacsplusConnection created for
10.12.13.1:47596
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection request 192, 2, 1, 0,
4145764549, 51
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection Authorization REQUEST
6, 1, 1, 1, ranko, tty2, 10.11.12.13, 2, service=shell cmd*
Mon Apr  6 08:38:28 2009: DEBUG: AuthorizeGroup rule match found: permit
service=shell cmd\* { idletime=15 priv-lvl=15 }
Mon Apr  6 08:38:28 2009: INFO: Authorization permitted for ranko, group
admins, args service=shell cmd*
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection Authorization RESPONSE
1, , , idletime=15 priv-lvl=15
Mon Apr  6 08:38:28 2009: DEBUG: TacacsplusConnection disconnected from
10.12.13.1:47596
Mon Apr  6 08:38:28 2009: DEBUG: Packet dump:
*** Received from 10.12.13.1 port 1646 ....
Code:       Accounting-Request
Identifier: 249
Authentic:  <233>%<236>vd<184>Z<207><209><234>ls<154>b%!
Attributes:
        Acct-Session-Id = "0000009B"
        User-Name = "ranko"
        Acct-Authentic = Remote
        Acct-Status-Type = Start
        NAS-Port = 2
        NAS-Port-Id = "tty2"
        NAS-Port-Type = Virtual
        Service-Type = NAS-Prompt-User
        NAS-IP-Address = 10.12.13.1
        Acct-Delay-Time = 0

Mon Apr  6 08:38:28 2009: DEBUG: Handling request with Handler
'HostType=CiscoRouter'
Mon Apr  6 08:38:28 2009: DEBUG:  Adding session for ranko, 10.12.13.1, 2
Mon Apr  6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP: 
Mon Apr  6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP: 
Mon Apr  6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2: 
Mon Apr  6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2: 
Mon Apr  6 08:38:28 2009: DEBUG: AuthBy GROUP result: ACCEPT, 
Mon Apr  6 08:38:28 2009: DEBUG: Accounting accepted
Mon Apr  6 08:38:28 2009: DEBUG: Packet dump:
*** Sending to 10.12.13.1 port 1646 ....
Code:       Accounting-Response
Identifier: 249
Authentic:  <251>|<201>iK<225><163>A-$<140><155><223><140><213><27>
Attributes:

Mon Apr  6 08:38:32 2009: DEBUG: New TacacsplusConnection created for
10.12.13.1:18152
Mon Apr  6 08:38:32 2009: DEBUG: TacacsplusConnection request 192, 2, 1, 0,
2167032874, 84
Mon Apr  6 08:38:32 2009: DEBUG: TacacsplusConnection Authorization REQUEST
1, 1, 1, 0, ranko, tty2, 10.11.12.13, 4, service=shell cmd=show
cmd-arg=version cmd-arg=<cr>
Mon Apr  6 08:38:32 2009: DEBUG: AuthorizeGroup rule match found: permit .*
{  }
Mon Apr  6 08:38:32 2009: INFO: Authorization permitted for ranko, group
admins, args service=shell cmd=show cmd-arg=version cmd-arg=<cr>
Mon Apr  6 08:38:32 2009: DEBUG: TacacsplusConnection Authorization RESPONSE
1, , , 
Mon Apr  6 08:38:32 2009: DEBUG: TacacsplusConnection disconnected from
10.12.13.1:18152
Mon Apr  6 08:38:56 2009: NOTICE: SIGTERM received: stopping 
---cut:logfile2---

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: 06 April 2009 06:02
To: Ranko Zivojnovic
Cc: 'radiator at open.com.au'
Subject: Re: [RADIATOR] BUG in ServerTACACSPLUS.pm - not processing client
related attributes


Hello Ranko -

Our testing here shows correct operation with Radiator 4.4.

Can you please send us a copy of your configuration file and a trace 4  
debug showing what is happening?

thanks and regards

Hugh


On 6 Apr 2009, at 00:54, Ranko Zivojnovic wrote:

> Greetings,
>
> Radiator is not processing attributes associated with the client in  
> ServerTACACSPLUS.pm (like AddToRequest and similar) due to the  
> following bug:
>
> ---cut---
> --- a/Radius/ServerTACACSPLUS.pm   2009-03-10 23:59:01.000000000 +0200
> +++ b/Radius/ServerTACACSPLUS.pm   2009-04-05 17:23:15.000000000 +0300
> @@ -554,7 +554,7 @@
>     }
>
>     # Use Client settings to manipulate Request/Reply
> -    my $client = &Radius::Client::findAddress($self->{peeraddr});
> +    my $client =  
> &Radius::Client::findAddress(Radius::Util::inet_pton($self- 
> >{peeraddr}));
>
>     $tp->rewriteUsername($client->{RewriteUsername})
>         if defined $client->{RewriteUsername};
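Review bot: on the added line the result of Radius::Util::inet_pton($self->{peeraddr}) goes straight into findAddress() unchecked, and the $client that comes back is used in $client->{RewriteUsername} on the following lines without a test that a client was actually found. If the peer address does not convert, or no client matches, the client-level settings are skipped silently, which is the same symptom this patch is meant to cure. Suggest converting into a local variable first, logging a warning when either the conversion or the lookup fails, and adding a comment that findAddress() expects the packed form. It is also worth checking whether the conversion belongs where peeraddr is first stored, so that every user of that field sees one format.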
> ---cut---
>
> Best regards,
>
> Ranko
>
> --
> Ranko Zivojnovic
> IT Director/CTO
>
> SpiderNet Services Public Ltd.
> Nicosia, Cyprus
> Tel:    +357 22 844844
> FAX:    +357 22 844777
> E-Mail: ranko at spidernet.net
> Web:    www.spidernet.net
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

