[RADIATOR] Client-Identifier doesn't match handler for Tacacs requests
Hugh Irvine
hugh at open.com.au
Tue Nov 24 15:54:05 CST 2009
Hello Alexander -
The client for TACACS is the ServerTACACSPLUS clause.
Ie.
.....
<ServerTACACSPLUS>
Identifier ouridentifier
.....
</Server>
<Handler Client-Identifier=ouridentifier, Service-Type=Login-User>
.....
</Handler>
.....
regards
Hugh
On 25 Nov 2009, at 01:25, Alexander Hartmaier wrote:
> Hi!
>
> I've configured Radiator according to 5.5.16 Identifier in the 4.4.1
> manual:
>
> <Client DEFAULT>
> Identifier ouridentifier
> TACACSPLUSKey oursecret
> DupInterval 60
> </Client>
>
> But this handler doesn't match:
>
> <Handler Client-Identifier=outidentifier, Service-Type=Login-User>
>
> The fake radius packet looks like this:
>
> Attributes:
> NAS-IP-Address = 10.1.2.3
> NAS-Port-Id = "tty322"
> Calling-Station-Id = "1.2.3.4"
> Service-Type = Login-User
> User-Name = "username"
> User-Password = **obscured**
> OSC-Version-Identifier = "192"
>
> In ServerTACACSPLUS line 547 it seems this should work:
>
> $tp->{Client} = $self; # So you can use Client-Identifier check items
>
> Is this a bug or are I'm doing something wrong?
>
> --
> Alexander Hartmaier <alexander.hartmaier at t-systems.at>
> T-Systems Austria GesmbH
>
>
>
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
> Handelsgericht Wien, FN 79340b
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> Notice: This e-mail contains information that is confidential and may be privileged.
> If you are not the intended recipient, please notify the sender and then
> delete this e-mail immediately.
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list