[RADIATOR] BUG in ServerTACACSPLUS.pm - not processing client related attributes
Hugh Irvine
hugh at open.com.au
Tue Apr 7 02:21:40 CDT 2009
Hello Ranko -
We still have not been able to reproduce the problem, but we have
added a modified version of your patch anyway.
Would you please download and install the latest Radiator 4.4 patches
and test it for us?
Please let us know how you get on.
regards
Hugh
On 6 Apr 2009, at 16:23, Ranko Zivojnovic wrote:
> Hello Hugh,
>
> Below is a test configuration and logfiles (some things obfuscated).
>
> Logfile1 shows the output of the stock 4.4 Radiator - you will note the
> message "WARNING: TacacsplusConnection could not find a Handler".
>
> Testing showed that $self->{peeraddr} in
> ServerTACACSPLUS.pm:dispatch_radius_request() is a text format IP address
> and in order for &Radius::Client::findAddress() to actually find the client
> it must be first converted with inet_pton().
>
> The simple patch I've sent in my previous message fixes this issue for me -
> but the problem could originate elsewhere.
>
> Logfile2 shows correct operation with the patch applied.
>
> If you need any other info - please let me know.
>
> Best regards,
>
> Ranko
>
> ---cut:test.cfg---
> LogDir /var/log/radius
> DbDir /etc/radiator
> Trace 4
> BindAddress 10.11.12.13
> AuthPort 1645,1812
> AcctPort 1646,1813
>
> <ClientListLDAP>
> include %D/ldap.cfg
> BaseDN ou=Hosts, dc=example, dc=net
> RefreshPeriod 1800
> </ClientListLDAP>
>
> <Handler HostType=TypeA>
> #*snip*
> </Handler>
>
> <Handler HostType=TypeB>
> #*snip*
> </Handler>
>
> <Handler HostType=TypeC>
> #*snip*
> </Handler>
>
> <Handler HostType=CiscoRouter>
> AcctLogFileName %L/Cisco.log
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileReject
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileAccept
> <AuthBy LDAP2>
> include %D/ldap.cfg
> BaseDN ou=groups, dc=example, dc=net
> UsernameAttr memberUid
> SearchFilter (&(cn=cisco-admins)(%0=%1))
> NoCheckPassword
> </AuthBy>
> <AuthBy LDAP2>
> include %D/ldap.cfg
> BaseDN ou=users, dc=example, dc=net
> AddToReply Service-Type = Administrative-User, Idle-Timeout = 900, tacacsgroup=admins
> AuthAttrDef host,NAS-Identifier,check
> EncryptedPasswordAttr userPassword
> </AuthBy>
> </AuthBy>
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileAccept
> <AuthBy LDAP2>
> include %D/ldap.cfg
> BaseDN ou=groups, dc=example, dc=net
> UsernameAttr memberUid
> SearchFilter (&(cn=cisco-users)(%0=%1))
> NoCheckPassword
> </AuthBy>
> <AuthBy LDAP2>
> include %D/ldap.cfg
> BaseDN ou=users, dc=example, dc=net
> AddToReply Service-Type = Login-User, Idle-Timeout = 900, tacacsgroup=versiononly
> AuthAttrDef host,NAS-Identifier,check
> EncryptedPasswordAttr userPassword
> </AuthBy>
> </AuthBy>
> </AuthBy>
> </Handler>
>
> <ServerTACACSPLUS>
> BindAddress 10.11.12.13
> GroupMemberAttr tacacsgroup
> AuthorizeGroup versiononly permit service=shell cmd=show cmd-arg=version
> AuthorizeGroup versiononly permit service=shell cmd\* {idletime=15 priv-lvl=1}
> AuthorizeGroup versiononly deny .*
> AuthorizeGroup admins permit service=shell cmd\* {idletime=15 priv-lvl=15}
> AuthorizeGroup admins permit .*
> </ServerTACACSPLUS>
> ---cut:test.cfg---
>
> ---cut:logfile1---
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: INFO: Connecting to 127.0.0.1:636
> Mon Apr 6 08:02:48 2009: INFO: Attempting to bind to LDAP server
> 127.0.0.1:636
> Mon Apr 6 08:02:48 2009: DEBUG: Adding Clients from LDAP database
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP SearchFilter:
> (objectclass=oscRadiusClient), BaseDN: ou=Hosts, dc=example, dc=net,
> attrs:
> oscRadiusAddToRequest oscRadiusIgnoreAcctSignature
> oscRadiusSNMPCommunity
> oscRadiusSecret oscRadiusDefaultReply oscRadiusFramedGroup
> oscRadiusUseOldAscendPasswords oscRadiusStripfromRequest
> oscRadiusDupInterval oscRadiusAddToRequestIfNotExist
> oscRadiusPacketTrace
> oscRadiusDynamicReply oscRadiusLivingstonHole
> oscRadiusFramedGroupBaseAddress oscRadiusFramedGroupPortOffset
> oscRadiusRewriteUsername oscRadiusStripFromReply
> oscRadiusPreHandlerHook
> oscRadiusNoIgnoreDuplicates oscRadiusNasType oscRadiusIdenticalClients
> oscRadiusAddToReply oscRadiusAddToReplyIfNotExist
> oscRadiusLivingstonOffs
> oscRadiusStatusServerShowClientDetails oscRadiusAllowInReply
> oscRadiusClientName oscRadiusFramedGroupMaxPortsPerClassC
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got result for
> cn=router1,ou=Hosts,dc=example, dc=net
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got
> oscRadiusAddToRequest:
> HostType=CiscoRouter
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusSecret:
> XXXXXX
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got
> oscRadiusClientName:
> router1.example.net
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got result for
> cn=router2,ou=Hosts,dc=example, dc=net
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got
> oscRadiusAddToRequest:
> HostType=CiscoRouter
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got oscRadiusSecret:
> XXXXXX
> Mon Apr 6 08:02:48 2009: DEBUG: ClientListLDAP got
> oscRadiusClientName:
> router2.example.net
> *snip*
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:02:48 2009: DEBUG: Creating TACACSPLUS port
> 10.11.12.13:49
> Mon Apr 6 08:02:48 2009: DEBUG: Finished reading configuration file
> '/etc/radiator/test.cfg'
> Mon Apr 6 08:02:48 2009: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Mon Apr 6 08:02:49 2009: DEBUG: Creating authentication port
> 10.11.12.13:1645
> Mon Apr 6 08:02:49 2009: DEBUG: Creating authentication port
> 10.11.12.13:1812
> Mon Apr 6 08:02:49 2009: DEBUG: Creating accounting port
> 10.11.12.13:1646
> Mon Apr 6 08:02:49 2009: DEBUG: Creating accounting port
> 10.11.12.13:1813
> Mon Apr 6 08:02:49 2009: NOTICE: Server started: Radiator 4.4 on
> radius.example.net
> Mon Apr 6 08:03:24 2009: DEBUG: New TacacsplusConnection created for
> 10.11.12.1:54948
> Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection request 192,
> 1, 1, 0,
> 2730182230, 32
> Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication
> START
> 1, 1, 1 for ranko, tty2, 10.11.12.13
> Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication
> REPLY
> 5, 1, Password: ,
> Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection request 192,
> 1, 3, 0,
> 2730182230, 13
> Mon Apr 6 08:03:24 2009: DEBUG: TacacsplusConnection Authentication
> CONTINUE 0, XXXXXX,
> Mon Apr 6 08:03:24 2009: DEBUG: TACACSPLUS derived Radius request
> packet
> dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <231><219>/Q<255>{o<133><160>SK<20>BZ<146><10>
> Attributes:
> NAS-IP-Address = 10.11.12.1
> NAS-Port-Id = "tty2"
> Calling-Station-Id = "10.11.12.13"
> Service-Type = Login-User
> User-Name = "ranko"
> User-Password = XXXXXX
> OSC-Version-Identifier = "192"
>
> Mon Apr 6 08:03:24 2009: WARNING: TacacsplusConnection could not
> find a
> Handler
> Mon Apr 6 08:03:29 2009: DEBUG: TacacsplusConnection disconnected
> from
> 10.11.12.1:54948
> Mon Apr 6 08:05:48 2009: NOTICE: SIGTERM received: stopping
> ---cut:logfile1---
>
> ---cut:logfile2---
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: INFO: Connecting to 127.0.0.1:636
> Mon Apr 6 08:38:20 2009: INFO: Attempting to bind to LDAP server
> 127.0.0.1:636
> Mon Apr 6 08:38:20 2009: DEBUG: Adding Clients from LDAP database
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP SearchFilter:
> (objectclass=oscRadiusClient), BaseDN: ou=Hosts, dc=example, dc=net,
> attrs:
> oscRadiusAddToRequest oscRadiusIgnoreAcctSignature
> oscRadiusSNMPCommunity
> oscRadiusSecret oscRadiusDefaultReply oscRadiusFramedGroup
> oscRadiusUseOldAscendPasswords oscRadiusStripfromRequest
> oscRadiusDupInterval oscRadiusAddToRequestIfNotExist
> oscRadiusPacketTrace
> oscRadiusDynamicReply oscRadiusLivingstonHole
> oscRadiusFramedGroupBaseAddress oscRadiusFramedGroupPortOffset
> oscRadiusRewriteUsername oscRadiusStripFromReply
> oscRadiusPreHandlerHook
> oscRadiusNoIgnoreDuplicates oscRadiusNasType oscRadiusIdenticalClients
> oscRadiusAddToReply oscRadiusAddToReplyIfNotExist
> oscRadiusLivingstonOffs
> oscRadiusStatusServerShowClientDetails oscRadiusAllowInReply
> oscRadiusClientName oscRadiusFramedGroupMaxPortsPerClassC
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got result for
> cn=router1,ou=Hosts,dc=example, dc=net
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got
> oscRadiusAddToRequest:
> HostType=CiscoRouter
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusSecret:
> XXXXXX
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got
> oscRadiusClientName:
> router1.example.net
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got result for
> cn=router2,ou=Hosts,dc=example, dc=net
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got
> oscRadiusAddToRequest:
> HostType=CiscoRouter
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got oscRadiusSecret:
> XXXXXX
> Mon Apr 6 08:38:20 2009: DEBUG: ClientListLDAP got
> oscRadiusClientName:
> router2.example.net
> *snip*
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: include /etc/radiator/ldap.cfg
> Mon Apr 6 08:38:20 2009: DEBUG: Creating TACACSPLUS port
> 10.11.12.13:49
> Mon Apr 6 08:38:20 2009: DEBUG: Finished reading configuration file
> '/etc/radiator/test.cfg'
> Mon Apr 6 08:38:20 2009: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Mon Apr 6 08:38:20 2009: DEBUG: Creating authentication port
> 10.11.12.13:1645
> Mon Apr 6 08:38:20 2009: DEBUG: Creating authentication port
> 10.11.12.13:1812
> Mon Apr 6 08:38:20 2009: DEBUG: Creating accounting port
> 10.11.12.13:1646
> Mon Apr 6 08:38:20 2009: DEBUG: Creating accounting port
> 10.11.12.13:1813
> Mon Apr 6 08:38:20 2009: NOTICE: Server started: Radiator 4.4 on
> radius.example.net
> Mon Apr 6 08:38:28 2009: DEBUG: New TacacsplusConnection created for
> 10.12.13.1:51609
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection request 192,
> 1, 1, 0,
> 2939512271, 32
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication
> START
> 1, 1, 1 for ranko, tty2, 10.11.12.13
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication
> REPLY
> 5, 1, Password: ,
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection request 192,
> 1, 3, 0,
> 2939512271, 13
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication
> CONTINUE 0, XXXXXX,
> Mon Apr 6 08:38:28 2009: DEBUG: TACACSPLUS derived Radius request
> packet
> dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <221><132>#<211><245><172><30>c7%<232><148><133><22>1<250>
> Attributes:
> NAS-IP-Address = 10.12.13.1
> NAS-Port-Id = "tty2"
> Calling-Station-Id = "10.11.12.13"
> Service-Type = Login-User
> User-Name = "ranko"
> User-Password = XXXXXX
> OSC-Version-Identifier = "192"
> HostType = CiscoRouter
>
> Mon Apr 6 08:38:28 2009: DEBUG: Handling request with Handler
> 'HostType=CiscoRouter'
> Mon Apr 6 08:38:28 2009: DEBUG: Deleting session for ranko,
> 10.12.13.1,
> Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP:
> Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP:
> Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2:
> Mon Apr 6 08:38:28 2009: INFO: Connecting to 127.0.0.1:636
> Mon Apr 6 08:38:28 2009: INFO: Attempting to bind to LDAP server
> 127.0.0.1:636
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got result for
> cn=cisco-admins,ou=groups,dc=example, dc=net
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got objectClass: posixGroup top
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got cn: cisco-admins
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got memberUid: ranko user1
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got gidNumber: 173123
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got creatorsName:
> uid=ranko,ou=users,dc=example,dc=net
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got modifiersName:
> uid=ranko,ou=users,dc=example,dc=net
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got createTimestamp:
> 20080902165300Z
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got modifyTimestamp:
> 20080903162147Z
> Mon Apr 6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 looks for match
> with
> ranko [ranko]
> Mon Apr 6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 ACCEPT: : ranko
> [ranko]
> Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2:
> Mon Apr 6 08:38:28 2009: INFO: Connecting to 127.0.0.1:636
> Mon Apr 6 08:38:28 2009: INFO: Attempting to bind to LDAP server
> 127.0.0.1:636
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got result for
> uid=ranko,ou=users,dc=example, dc=net
> Mon Apr 6 08:38:28 2009: DEBUG: LDAP got userPassword: XXXXXX
> Mon Apr 6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 looks for match
> with
> ranko [ranko]
> Mon Apr 6 08:38:28 2009: DEBUG: Radius::AuthLDAP2 ACCEPT: : ranko
> [ranko]
> Mon Apr 6 08:38:28 2009: DEBUG: AuthBy GROUP result: ACCEPT,
> Mon Apr 6 08:38:28 2009: DEBUG: Access accepted for ranko
> Mon Apr 6 08:38:28 2009: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic: <221><132>#<211><245><172><30>c7%<232><148><133><22>1<250>
> Attributes:
> Service-Type = Administrative-User
> Idle-Timeout = 900
> tacacsgroup = admins
>
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection result Access-
> Accept
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authentication
> REPLY
> 1, 0, ,
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection disconnected
> from
> 10.12.13.1:51609
> Mon Apr 6 08:38:28 2009: DEBUG: New TacacsplusConnection created for
> 10.12.13.1:47596
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection request 192,
> 2, 1, 0,
> 4145764549, 51
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authorization
> REQUEST
> 6, 1, 1, 1, ranko, tty2, 10.11.12.13, 2, service=shell cmd*
> Mon Apr 6 08:38:28 2009: DEBUG: AuthorizeGroup rule match found:
> permit
> service=shell cmd\* { idletime=15 priv-lvl=15 }
> Mon Apr 6 08:38:28 2009: INFO: Authorization permitted for ranko,
> group
> admins, args service=shell cmd*
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection Authorization
> RESPONSE
> 1, , , idletime=15 priv-lvl=15
> Mon Apr 6 08:38:28 2009: DEBUG: TacacsplusConnection disconnected
> from
> 10.12.13.1:47596
> Mon Apr 6 08:38:28 2009: DEBUG: Packet dump:
> *** Received from 10.12.13.1 port 1646 ....
> Code: Accounting-Request
> Identifier: 249
> Authentic: <233>%<236>vd<184>Z<207><209><234>ls<154>b%!
> Attributes:
> Acct-Session-Id = "0000009B"
> User-Name = "ranko"
> Acct-Authentic = Remote
> Acct-Status-Type = Start
> NAS-Port = 2
> NAS-Port-Id = "tty2"
> NAS-Port-Type = Virtual
> Service-Type = NAS-Prompt-User
> NAS-IP-Address = 10.12.13.1
> Acct-Delay-Time = 0
>
> Mon Apr 6 08:38:28 2009: DEBUG: Handling request with Handler
> 'HostType=CiscoRouter'
> Mon Apr 6 08:38:28 2009: DEBUG: Adding session for ranko,
> 10.12.13.1, 2
> Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP:
> Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthGROUP:
> Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2:
> Mon Apr 6 08:38:28 2009: DEBUG: Handling with Radius::AuthLDAP2:
> Mon Apr 6 08:38:28 2009: DEBUG: AuthBy GROUP result: ACCEPT,
> Mon Apr 6 08:38:28 2009: DEBUG: Accounting accepted
> Mon Apr 6 08:38:28 2009: DEBUG: Packet dump:
> *** Sending to 10.12.13.1 port 1646 ....
> Code: Accounting-Response
> Identifier: 249
> Authentic: <251>|<201>iK<225><163>A-$<140><155><223><140><213><27>
> Attributes:
>
> Mon Apr 6 08:38:32 2009: DEBUG: New TacacsplusConnection created for
> 10.12.13.1:18152
> Mon Apr 6 08:38:32 2009: DEBUG: TacacsplusConnection request 192,
> 2, 1, 0,
> 2167032874, 84
> Mon Apr 6 08:38:32 2009: DEBUG: TacacsplusConnection Authorization
> REQUEST
> 1, 1, 1, 0, ranko, tty2, 10.11.12.13, 4, service=shell cmd=show
> cmd-arg=version cmd-arg=<cr>
> Mon Apr 6 08:38:32 2009: DEBUG: AuthorizeGroup rule match found:
> permit .*
> { }
> Mon Apr 6 08:38:32 2009: INFO: Authorization permitted for ranko,
> group
> admins, args service=shell cmd=show cmd-arg=version cmd-arg=<cr>
> Mon Apr 6 08:38:32 2009: DEBUG: TacacsplusConnection Authorization
> RESPONSE
> 1, , ,
> Mon Apr 6 08:38:32 2009: DEBUG: TacacsplusConnection disconnected
> from
> 10.12.13.1:18152
> Mon Apr 6 08:38:56 2009: NOTICE: SIGTERM received: stopping
> ---cut:logfile2---
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: 06 April 2009 06:02
> To: Ranko Zivojnovic
> Cc: 'radiator at open.com.au'
> Subject: Re: [RADIATOR] BUG in ServerTACACSPLUS.pm - not processing client related attributes
>
>
> Hello Ranko -
>
> Our testing here shows correct operation with Radiator 4.4.
>
> Can you please send us a copy of your configuration file and a trace 4
> debug showing what is happening?
>
> thanks and regards
>
> Hugh
>
>
> On 6 Apr 2009, at 00:54, Ranko Zivojnovic wrote:
>
>> Greetings,
>>
>> Radiator is not processing attributes associated with the client in
>> ServerTACACSPLUS.pm (like AddToRequest and similar) due to the
>> following bug:
>>
>> ---cut---
>> --- a/Radius/ServerTACACSPLUS.pm 2009-03-10 23:59:01.000000000
>> +0200
>> +++ b/Radius/ServerTACACSPLUS.pm 2009-04-05 17:23:15.000000000
>> +0300
>> @@ -554,7 +554,7 @@
>> }
>>
>> # Use Client settings to manipulate Request/Reply
>> - my $client = &Radius::Client::findAddress($self->{peeraddr});
>> + my $client =
>> &Radius::Client::findAddress(Radius::Util::inet_pton($self-
>>> {peeraddr}));
>>
>> $tp->rewriteUsername($client->{RewriteUsername})
>> if defined $client->{RewriteUsername};
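Review bot: the result of Radius::Util::inet_pton($self->{peeraddr}) is passed straight into findAddress() with no check, and $client is used on the following line without testing whether a client was found. If the conversion or the lookup fails, the client settings applied below (RewriteUsername here, AddToRequest per the report) are skipped with nothing logged. Suggest converting into a temporary variable, testing both it and $client for definedness, and logging at DEBUG level when no client matches so the miss shows up in a Trace 4 log. A short comment stating which format peeraddr holds at this point would also help, since the change only makes sense if it is text.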
>> ---cut---
>>
>> Best regards,
>>
>> Ranko
>>
>> --
>> Ranko Zivojnovic
>> IT Director/CTO
>>
>> SpiderNet Services Public Ltd.
>> Nicosia, Cyprus
>> Tel: +357 22 844844
>> FAX: +357 22 844777
>> E-Mail: ranko at spidernet.net
>> Web: www.spidernet.net
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
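The lookup mismatch described in the quoted report, as an added example (not Radiator code and not part of the original thread): a stand-in client table keyed by packed addresses is queried with the text form and with the inet_pton()-converted form of the peer address. The table and the functions add_client(), find_address(), derive_request() and select_handler() are hypothetical; only the address, the HostType values and the "could not find a Handler" wording come from the posted config and logs.

```perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET);

# Hypothetical stand-in for the client list: keyed by packed (binary)
# address, which is the form the report says findAddress() needs.
my %clients;

sub add_client {
    my ($text_addr, %settings) = @_;
    my $packed = inet_pton(AF_INET, $text_addr);
    die "bad client address '$text_addr'\n" unless defined $packed;
    $clients{$packed} = {%settings};
}

# Hypothetical equivalent of the lookup: exact match on the key it is given.
sub find_address {
    my ($key) = @_;
    return defined $key ? $clients{$key} : undef;
}

# Build the derived request and apply the client's AddToRequest, if any.
sub derive_request {
    my ($lookup_key, $peer_text) = @_;
    my %request = ('NAS-IP-Address' => $peer_text, 'User-Name' => 'ranko');
    my $client = find_address($lookup_key);
    if ($client && $client->{AddToRequest}) {
        %request = (%request, %{ $client->{AddToRequest} });
    }
    return \%request;
}

# Handler selection on the HostType check item, as in the posted test.cfg.
my %handlers = map { $_ => 1 } qw(TypeA TypeB TypeC CiscoRouter);

sub select_handler {
    my ($request) = @_;
    my $type = $request->{HostType};
    return (defined $type && $handlers{$type}) ? "HostType=$type" : undef;
}

# Constructed sample data mirroring the LDAP client entry in the logs.
add_client('10.12.13.1', AddToRequest => { HostType => 'CiscoRouter' });

my $peer = '10.12.13.1';    # text form, as reported for $self->{peeraddr}
for my $case (
    [ 'text key (as reported for stock 4.4)', $peer ],
    [ 'packed key (as in the patch)',         inet_pton(AF_INET, $peer) ],
    [ 'unparseable peer address',             inet_pton(AF_INET, 'not-an-ip') ],
) {
    my ($label, $key) = @$case;
    my $handler = select_handler(derive_request($key, $peer));
    printf "%-40s => %s\n", $label, $handler // 'could not find a Handler';
}
```

Only the packed key selects the CiscoRouter handler; the text key and the failed conversion both fall through without the client's attributes, which is the silent failure the Trace 4 log in Logfile1 shows.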