[RADIATOR] Client-Identifier doesn't match handler for Tacacs requests

Hugh Irvine hugh at open.com.au
Tue Nov 24 15:54:05 CST 2009


Hello Alexander -

The client for TACACS is the ServerTACACSPLUS clause.

Ie.

.....

<ServerTACACSPLUS>
	Identifier ouridentifier
	.....
</Server>

<Handler Client-Identifier=ouridentifier, Service-Type=Login-User>
	.....
</Handler>

.....

regards

Hugh


On 25 Nov 2009, at 01:25, Alexander Hartmaier wrote:

> Hi!
> 
> I've configured Radiator according to 5.5.16 Identifier in the 4.4.1
> manual:
> 
> <Client DEFAULT>
>        Identifier ouridentifier
>        TACACSPLUSKey oursecret
>        DupInterval 60
> </Client>
> 
> But this handler doesn't match:
> 
> <Handler Client-Identifier=outidentifier, Service-Type=Login-User>
> 
> The fake radius packet looks like this:
> 
> Attributes:
>        NAS-IP-Address = 10.1.2.3
>        NAS-Port-Id = "tty322"
>        Calling-Station-Id = "1.2.3.4"
>        Service-Type = Login-User
>        User-Name = "username"
>        User-Password = **obscured**
>        OSC-Version-Identifier = "192"
> 
> In ServerTACACSPLUS line 547 it seems this should work:
> 
> $tp->{Client} = $self; # So you can use Client-Identifier check items
> 
> Is this a bug or are I'm doing something wrong?
> 
> --
> Alexander Hartmaier <alexander.hartmaier at t-systems.at>
> T-Systems Austria GesmbH
> 
> 
> 
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> T-Systems Austria GesmbH   Rennweg 97-99, 1030 Wien
> Handelsgericht Wien, FN 79340b
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> Notice: This e-mail contains information that is confidential and may be privileged.
> If you are not the intended recipient, please notify the sender and then
> delete this e-mail immediately.
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.





More information about the radiator mailing list