[RADIATOR] TACACS loging issues

McNealy, Justin S mcnealy at musc.edu
Thu Apr 8 10:21:30 CDT 2010


Hugh,
 Here are some of the trace 4 that I get. From the look of it were getting acct requests. We see the command accounting in the main log but the specified log is never created.


*** Reply to TACACSPLUS request:
Code:       Access-Accept
Identifier: UNDEF
Authentic:  5<165>s'<192>j<232><<161>7<163><226>5B3c
Attributes:

Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection result Access-Accept
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection Authentication REPLY 1, 0, ,
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:56724
Thu Apr  8 11:11:16 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:41823
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 2194003494, 53
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection Authorization REQUEST 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 2, service=shell cmd*
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , ,
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:41823
Thu Apr  8 11:11:16 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:47504
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 2988194127, 99
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection Accounting REQUEST 2, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 4, task_id=292394 timezone=EST service=shell start_time=1270739476
Thu Apr  8 11:11:16 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  <150><246><136>$t=<165><7><13>D]<185>,!<224><204>
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty3"
        Calling-Station-Id = "192.168.1.1"
        Class = "TACACS"
        User-Name = "Userj"
        Acct-Status-Type = Start
        Acct-Session-Id = "2988194127"
        cisco-avpair = "task_id=292394"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739476"
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:16 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:16 2010: DEBUG:  Adding session for Userj, 10.23.200.21,
Thu Apr  8 11:11:16 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:16 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:16 2010: DEBUG: Accounting accepted
Thu Apr  8 11:11:16 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  <150><246><136>$t=<165><7><13>D]<185>,!<224><204>
Attributes:

Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection result Accounting-Response
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Thu Apr  8 11:11:16 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:47504
Thu Apr  8 11:11:19 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:33758
Thu Apr  8 11:11:19 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 60803508, 139
Thu Apr  8 11:11:19 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 6, task_id=292394 timezone=EST service=shell start_time=1270739479 priv-lvl=15 cmd=configure terminal <cr>
Thu Apr  8 11:11:19 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  <23><238><142><154>p=<166>C<222><145>U]<186>9<Y
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty3"
        Calling-Station-Id = "192.168.1.1"
        Class = "TACACS"
        User-Name = "Userj"
        Acct-Status-Type = Stop
        Acct-Session-Id = "60803508"
        cisco-avpair = "task_id=292394"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739479"
        cisco-avpair = "priv-lvl=15"
        cisco-avpair = "cmd=configure terminal <cr>"
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:19 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:19 2010: DEBUG:  Deleting session for Userj, 10.23.200.21,
Thu Apr  8 11:11:19 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:19 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:19 2010: DEBUG: Accounting accepted
Thu Apr  8 11:11:19 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  <23><238><142><154>p=<166>C<222><145>U]<186>9<Y
Attributes:

Thu Apr  8 11:11:19 2010: DEBUG: TacacsplusConnection result Accounting-Response
Thu Apr  8 11:11:19 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Thu Apr  8 11:11:19 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:33758
Thu Apr  8 11:11:26 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:14974
Thu Apr  8 11:11:26 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 3539875501, 150
Thu Apr  8 11:11:26 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 6, task_id=292395 timezone=EST service=shell start_time=1270739486 priv-lvl=15 cmd=interface GigabitEthernet 3/1 <cr>
Thu Apr  8 11:11:26 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  *""M<172><20>0<157><202><9>^U<212><31>j"
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty3"
        Calling-Station-Id = "192.168.1.1"
        Class = "TACACS"
        User-Name = "Userj"
        Acct-Status-Type = Stop
        Acct-Session-Id = "3539875501"
        cisco-avpair = "task_id=292395"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739486"
        cisco-avpair = "priv-lvl=15"
        cisco-avpair = "cmd=interface GigabitEthernet 3/1 <cr>"
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:26 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:26 2010: DEBUG:  Deleting session for Userj, 10.23.200.21,
Thu Apr  8 11:11:26 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:26 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:26 2010: DEBUG: Accounting accepted
Thu Apr  8 11:11:26 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  *""M<172><20>0<157><202><9>^U<212><31>j"
Attributes:

Thu Apr  8 11:11:26 2010: DEBUG: TacacsplusConnection result Accounting-Response
Thu Apr  8 11:11:26 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Thu Apr  8 11:11:26 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:14974
Thu Apr  8 11:11:45 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:19124
Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 3797381689, 124
Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 6, task_id=292396 timezone=EST service=shell start_time=1270739505 priv-lvl=0 cmd=exit <cr>
Thu Apr  8 11:11:45 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  <140><248><174><205><127><247>B<147><129>$<17><183><2><19>PF
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty3"
        Calling-Station-Id = "192.168.1.1"
        Class = "TACACS"
        User-Name = "Userj"
        Acct-Status-Type = Stop
        Acct-Session-Id = "3797381689"
        cisco-avpair = "task_id=292396"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739505"
        cisco-avpair = "priv-lvl=0"
        cisco-avpair = "cmd=exit <cr>"
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:45 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:45 2010: DEBUG:  Deleting session for Userj, 10.23.200.21,
Thu Apr  8 11:11:45 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:45 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:45 2010: DEBUG: Accounting accepted
Thu Apr  8 11:11:45 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  <140><248><174><205><127><247>B<147><129>$<17><183><2><19>PF
Attributes:

Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection result Accounting-Response
Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:19124
Thu Apr  8 11:11:45 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:46708
Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 858630330, 124
Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 6, task_id=292397 timezone=EST service=shell start_time=1270739505 priv-lvl=0 cmd=exit <cr>
Thu Apr  8 11:11:45 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  X<159>(<225>!<4><204><17>v<193>}<230><178><201>m<249>
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty3"
        Calling-Station-Id = "192.168.1.1"
        Class = "TACACS"
        User-Name = "Userj"
        Acct-Status-Type = Stop
        Acct-Session-Id = "858630330"
        cisco-avpair = "task_id=292397"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739505"
        cisco-avpair = "priv-lvl=0"
        cisco-avpair = "cmd=exit <cr>"
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:45 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:45 2010: DEBUG:  Deleting session for Userj, 10.23.200.21,
Thu Apr  8 11:11:45 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:45 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:45 2010: DEBUG: Accounting accepted
Thu Apr  8 11:11:45 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  X<159>(<225>!<4><204><17>v<193>}<230><178><201>m<249>
Attributes:

Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection result Accounting-Response
Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Thu Apr  8 11:11:45 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:46708
Thu Apr  8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:63699
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 1, 1, 0, 2994342893, 34
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Authentication START 1, 1, 1 for adminbfn, tty2, 128.23.241.197
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Authentication REPLY 5, 1, Password: ,
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 1, 3, 0, 2994342893, 20
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Authentication CONTINUE 0, **obscured**,
Thu Apr  8 11:11:48 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <171><241>R<152>}<18>5<217>[M<2><190><238><136><173>3
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty2"
        Calling-Station-Id = "128.23.241.197"
        Service-Type = Login-User
        Class = "TACACS"
        User-Name = "adminbfn"
        User-Password = **obscured**
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:48 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:48 2010: DEBUG:  Deleting session for adminbfn, 10.23.200.21,
Thu Apr  8 11:11:48 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:48 2010: DEBUG: Radius::AuthUNIX looks for match with adminbfn [adminbfn]
Thu Apr  8 11:11:48 2010: DEBUG: Radius::AuthUNIX ACCEPT: : adminbfn [adminbfn]
Thu Apr  8 11:11:48 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:48 2010: DEBUG: Access accepted for adminbfn
Thu Apr  8 11:11:48 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Access-Accept
Identifier: UNDEF
Authentic:  <171><241>R<152>}<18>5<217>[M<2><190><238><136><173>3
Attributes:

Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection result Access-Accept
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Authentication REPLY 1, 0, ,
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:63699
Thu Apr  8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:27742
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 2494531639, 53
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Authorization REQUEST 6, 15, 1, 1, adminbfn, tty2, 128.23.241.197, 2, service=shell cmd*
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , ,
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:27742
Thu Apr  8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:46651
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 325437098, 99
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REQUEST 2, 6, 15, 1, 1, adminbfn, tty2, 128.23.241.197, 4, task_id=292399 timezone=EST service=shell start_time=1270739508
Thu Apr  8 11:11:48 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  3p%`g<154>3<11>G<150><237>J<224><192><209><179>
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty2"
        Calling-Station-Id = "128.23.241.197"
        Class = "TACACS"
        User-Name = "adminbfn"
        Acct-Status-Type = Start
        Acct-Session-Id = "325437098"
        cisco-avpair = "task_id=292399"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739508"
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:48 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:48 2010: DEBUG:  Adding session for adminbfn, 10.23.200.21,
Thu Apr  8 11:11:48 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:48 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:48 2010: DEBUG: Accounting accepted
Thu Apr  8 11:11:48 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  3p%`g<154>3<11>G<150><237>J<224><192><209><179>
Attributes:

Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection result Accounting-Response
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:46651
Thu Apr  8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:28090
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 3444111421, 137
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, adminbfn, tty2, 128.23.241.197, 6, task_id=292399 timezone=EST service=shell start_time=1270739508 priv-lvl=1 cmd=terminal length 0 <cr>
Thu Apr  8 11:11:48 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  <142><185><227><203><223>.<213><1>y<166>K<12>-4<127><221>
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty2"
        Calling-Station-Id = "128.23.241.197"
        Class = "TACACS"
        User-Name = "adminbfn"
        Acct-Status-Type = Stop
        Acct-Session-Id = "3444111421"
        cisco-avpair = "task_id=292399"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739508"
        cisco-avpair = "priv-lvl=1"
        cisco-avpair = "cmd=terminal length 0 <cr>"
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:48 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:48 2010: DEBUG:  Deleting session for adminbfn, 10.23.200.21,
Thu Apr  8 11:11:48 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:48 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:48 2010: DEBUG: Accounting accepted
Thu Apr  8 11:11:48 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  <142><185><227><203><223>.<213><1>y<166>K<12>-4<127><221>
Attributes:

Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection result Accounting-Response
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:28090
Thu Apr  8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:53423
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 242754393, 142
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, adminbfn, tty2, 128.23.241.197, 6, task_id=292400 timezone=EST service=shell start_time=1270739508 priv-lvl=0 cmd=show mac-address-table <cr>
Thu Apr  8 11:11:48 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  <226>h<132><219><178><222>`<135><4><2><9><253><239>0<183><191>
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty2"
        Calling-Station-Id = "128.23.241.197"
        Class = "TACACS"
        User-Name = "adminbfn"
        Acct-Status-Type = Stop
        Acct-Session-Id = "242754393"
        cisco-avpair = "task_id=292400"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739508"
        cisco-avpair = "priv-lvl=0"
        cisco-avpair = "cmd=show mac-address-table <cr>"
        OSC-Version-Identifier = "192"

Thu Apr  8 11:11:48 2010: DEBUG: Handling request with Handler 'Class=TACACS'
Thu Apr  8 11:11:48 2010: DEBUG:  Deleting session for adminbfn, 10.23.200.21,
Thu Apr  8 11:11:48 2010: DEBUG: Handling with Radius::AuthUNIX:
Thu Apr  8 11:11:48 2010: DEBUG: AuthBy UNIX result: ACCEPT,
Thu Apr  8 11:11:48 2010: DEBUG: Accounting accepted
Thu Apr  8 11:11:48 2010: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  <226>h<132><219><178><222>`<135><4><2><9><253><239>0<183><191>
Attributes:

Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection result Accounting-Response
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Thu Apr  8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:53423
Thu Apr  8 11:11:49 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:52203
Thu Apr  8 11:11:49 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 3055229668, 163
Thu Apr  8 11:11:49 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 1, 1, 1, adminbfn, tty2, 128.23.241.197, 8, task_id=292399 timezone=EST service=shell start_time=1270739508 disc-cause=9 disc-cause-ext=2 pre-session-time=0 elapsed_time=1
Thu Apr  8 11:11:49 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  H<26>V<146><155><231><2>&U<145>r<196>:<152>4<10>
Attributes:
        NAS-IP-Address = 10.23.200.21
        NAS-Port-Id = "tty2"
        Calling-Station-Id = "128.23.241.197"
        Class = "TACACS"
        User-Name = "adminbfn"
        Acct-Status-Type = Stop
        Acct-Session-Id = "3055229668"
        cisco-avpair = "task_id=292399"
        cisco-avpair = "timezone=EST"
        cisco-avpair = "service=shell"
        cisco-avpair = "start_time=1270739508"
        cisco-avpair = "disc-cause=9"
        cisco-avpair = "disc-cause-ext=2"
        cisco-avpair = "pre-session-time=0"
        cisco-avpair = "elapsed_time=1"
        OSC-Version-Identifier = "192"



Thanks
Jay McNealy



-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Wednesday, April 07, 2010 5:37 PM
To: User, Justin S
Cc: radiator at open.com.au
Subject: Re: TACACS loging issues


Hello Jay -

I am guessing that you are not receiving any accounting requests.

Will need to see the trace 4 debug to say for sure.

regards

Hugh


On 8 Apr 2010, at 05:58, User, Justin S wrote:

> Hugh,
>                 We are starting to use our server to handle tacacs+ requests and so far were working fine. One issue we are having is that the detail logs are not going to the specified directory. Instead their going to the main log file. Our configs below. Are we missing something?
>
>
> <ServerTACACSPLUS>
>         Key key
>        Port 1024
>         AddToRequest    Class=TACACS
> </ServerTACACSPLUS>
>
> <Handler Class=TACACS>
>         AuthByPolicy ContinueUntilAccept
>         <AuthBy UNIX>
>                 GroupFilename %D/group
>                 Filename %D/passwd.nst
>         </AuthBy>
>
>        AcctLogFileName %L/tacacs/%m%d%y.log
>
> </Handler>
>
>
>
> Thanks
> Jay McNealy



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec), and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.





More information about the radiator mailing list