[RADIATOR] TACACS loging issues
Hugh Irvine
hugh at open.com.au
Thu Apr 8 16:00:59 CDT 2010
Hello Jay -
My tests here with the same
AcctLogFileName %L/tacacs/%m%d%y.log
operate correctly, so I would suspect a permissions problem on the %L log directory.
Have you tried a different directory?
And have you restarted radiusd?
regards
Hugh
On 9 Apr 2010, at 01:21, McNealy, Justin S wrote:
> Hugh,
> Here are some of the trace 4 that I get. From the look of it were getting acct requests. We see the command accounting in the main log but the specified log is never created.
>
>
> *** Reply to TACACSPLUS request:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic: 5<165>s'<192>j<232><<161>7<163><226>5B3c
> Attributes:
>
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection result Access-Accept
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection Authentication REPLY 1, 0, ,
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:56724
> Thu Apr 8 11:11:16 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:41823
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 2194003494, 53
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection Authorization REQUEST 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 2, service=shell cmd*
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , ,
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:41823
> Thu Apr 8 11:11:16 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:47504
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 2988194127, 99
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection Accounting REQUEST 2, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 4, task_id=292394 timezone=EST service=shell start_time=1270739476
> Thu Apr 8 11:11:16 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: <150><246><136>$t=<165><7><13>D]<185>,!<224><204>
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty3"
> Calling-Station-Id = "192.168.1.1"
> Class = "TACACS"
> User-Name = "Userj"
> Acct-Status-Type = Start
> Acct-Session-Id = "2988194127"
> cisco-avpair = "task_id=292394"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739476"
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:16 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:16 2010: DEBUG: Adding session for Userj, 10.23.200.21,
> Thu Apr 8 11:11:16 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:16 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:16 2010: DEBUG: Accounting accepted
> Thu Apr 8 11:11:16 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Accounting-Response
> Identifier: UNDEF
> Authentic: <150><246><136>$t=<165><7><13>D]<185>,!<224><204>
> Attributes:
>
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection result Accounting-Response
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
> Thu Apr 8 11:11:16 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:47504
> Thu Apr 8 11:11:19 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:33758
> Thu Apr 8 11:11:19 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 60803508, 139
> Thu Apr 8 11:11:19 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 6, task_id=292394 timezone=EST service=shell start_time=1270739479 priv-lvl=15 cmd=configure terminal <cr>
> Thu Apr 8 11:11:19 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: <23><238><142><154>p=<166>C<222><145>U]<186>9<Y
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty3"
> Calling-Station-Id = "192.168.1.1"
> Class = "TACACS"
> User-Name = "Userj"
> Acct-Status-Type = Stop
> Acct-Session-Id = "60803508"
> cisco-avpair = "task_id=292394"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739479"
> cisco-avpair = "priv-lvl=15"
> cisco-avpair = "cmd=configure terminal <cr>"
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:19 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:19 2010: DEBUG: Deleting session for Userj, 10.23.200.21,
> Thu Apr 8 11:11:19 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:19 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:19 2010: DEBUG: Accounting accepted
> Thu Apr 8 11:11:19 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Accounting-Response
> Identifier: UNDEF
> Authentic: <23><238><142><154>p=<166>C<222><145>U]<186>9<Y
> Attributes:
>
> Thu Apr 8 11:11:19 2010: DEBUG: TacacsplusConnection result Accounting-Response
> Thu Apr 8 11:11:19 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
> Thu Apr 8 11:11:19 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:33758
> Thu Apr 8 11:11:26 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:14974
> Thu Apr 8 11:11:26 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 3539875501, 150
> Thu Apr 8 11:11:26 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 6, task_id=292395 timezone=EST service=shell start_time=1270739486 priv-lvl=15 cmd=interface GigabitEthernet 3/1 <cr>
> Thu Apr 8 11:11:26 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: *""M<172><20>0<157><202><9>^U<212><31>j"
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty3"
> Calling-Station-Id = "192.168.1.1"
> Class = "TACACS"
> User-Name = "Userj"
> Acct-Status-Type = Stop
> Acct-Session-Id = "3539875501"
> cisco-avpair = "task_id=292395"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739486"
> cisco-avpair = "priv-lvl=15"
> cisco-avpair = "cmd=interface GigabitEthernet 3/1 <cr>"
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:26 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:26 2010: DEBUG: Deleting session for Userj, 10.23.200.21,
> Thu Apr 8 11:11:26 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:26 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:26 2010: DEBUG: Accounting accepted
> Thu Apr 8 11:11:26 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Accounting-Response
> Identifier: UNDEF
> Authentic: *""M<172><20>0<157><202><9>^U<212><31>j"
> Attributes:
>
> Thu Apr 8 11:11:26 2010: DEBUG: TacacsplusConnection result Accounting-Response
> Thu Apr 8 11:11:26 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
> Thu Apr 8 11:11:26 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:14974
> Thu Apr 8 11:11:45 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:19124
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 3797381689, 124
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 6, task_id=292396 timezone=EST service=shell start_time=1270739505 priv-lvl=0 cmd=exit <cr>
> Thu Apr 8 11:11:45 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: <140><248><174><205><127><247>B<147><129>$<17><183><2><19>PF
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty3"
> Calling-Station-Id = "192.168.1.1"
> Class = "TACACS"
> User-Name = "Userj"
> Acct-Status-Type = Stop
> Acct-Session-Id = "3797381689"
> cisco-avpair = "task_id=292396"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739505"
> cisco-avpair = "priv-lvl=0"
> cisco-avpair = "cmd=exit <cr>"
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:45 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:45 2010: DEBUG: Deleting session for Userj, 10.23.200.21,
> Thu Apr 8 11:11:45 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:45 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:45 2010: DEBUG: Accounting accepted
> Thu Apr 8 11:11:45 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Accounting-Response
> Identifier: UNDEF
> Authentic: <140><248><174><205><127><247>B<147><129>$<17><183><2><19>PF
> Attributes:
>
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection result Accounting-Response
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:19124
> Thu Apr 8 11:11:45 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:46708
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 858630330, 124
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, Userj, tty3, 192.168.1.1, 6, task_id=292397 timezone=EST service=shell start_time=1270739505 priv-lvl=0 cmd=exit <cr>
> Thu Apr 8 11:11:45 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: X<159>(<225>!<4><204><17>v<193>}<230><178><201>m<249>
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty3"
> Calling-Station-Id = "192.168.1.1"
> Class = "TACACS"
> User-Name = "Userj"
> Acct-Status-Type = Stop
> Acct-Session-Id = "858630330"
> cisco-avpair = "task_id=292397"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739505"
> cisco-avpair = "priv-lvl=0"
> cisco-avpair = "cmd=exit <cr>"
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:45 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:45 2010: DEBUG: Deleting session for Userj, 10.23.200.21,
> Thu Apr 8 11:11:45 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:45 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:45 2010: DEBUG: Accounting accepted
> Thu Apr 8 11:11:45 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Accounting-Response
> Identifier: UNDEF
> Authentic: X<159>(<225>!<4><204><17>v<193>}<230><178><201>m<249>
> Attributes:
>
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection result Accounting-Response
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
> Thu Apr 8 11:11:45 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:46708
> Thu Apr 8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:63699
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 1, 1, 0, 2994342893, 34
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Authentication START 1, 1, 1 for adminbfn, tty2, 128.23.241.197
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Authentication REPLY 5, 1, Password: ,
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 1, 3, 0, 2994342893, 20
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Authentication CONTINUE 0, **obscured**,
> Thu Apr 8 11:11:48 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <171><241>R<152>}<18>5<217>[M<2><190><238><136><173>3
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty2"
> Calling-Station-Id = "128.23.241.197"
> Service-Type = Login-User
> Class = "TACACS"
> User-Name = "adminbfn"
> User-Password = **obscured**
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:48 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:48 2010: DEBUG: Deleting session for adminbfn, 10.23.200.21,
> Thu Apr 8 11:11:48 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:48 2010: DEBUG: Radius::AuthUNIX looks for match with adminbfn [adminbfn]
> Thu Apr 8 11:11:48 2010: DEBUG: Radius::AuthUNIX ACCEPT: : adminbfn [adminbfn]
> Thu Apr 8 11:11:48 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:48 2010: DEBUG: Access accepted for adminbfn
> Thu Apr 8 11:11:48 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic: <171><241>R<152>}<18>5<217>[M<2><190><238><136><173>3
> Attributes:
>
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection result Access-Accept
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Authentication REPLY 1, 0, ,
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:63699
> Thu Apr 8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:27742
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 2494531639, 53
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Authorization REQUEST 6, 15, 1, 1, adminbfn, tty2, 128.23.241.197, 2, service=shell cmd*
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , ,
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:27742
> Thu Apr 8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:46651
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 325437098, 99
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REQUEST 2, 6, 15, 1, 1, adminbfn, tty2, 128.23.241.197, 4, task_id=292399 timezone=EST service=shell start_time=1270739508
> Thu Apr 8 11:11:48 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: 3p%`g<154>3<11>G<150><237>J<224><192><209><179>
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty2"
> Calling-Station-Id = "128.23.241.197"
> Class = "TACACS"
> User-Name = "adminbfn"
> Acct-Status-Type = Start
> Acct-Session-Id = "325437098"
> cisco-avpair = "task_id=292399"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739508"
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:48 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:48 2010: DEBUG: Adding session for adminbfn, 10.23.200.21,
> Thu Apr 8 11:11:48 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:48 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:48 2010: DEBUG: Accounting accepted
> Thu Apr 8 11:11:48 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Accounting-Response
> Identifier: UNDEF
> Authentic: 3p%`g<154>3<11>G<150><237>J<224><192><209><179>
> Attributes:
>
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection result Accounting-Response
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:46651
> Thu Apr 8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:28090
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 3444111421, 137
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, adminbfn, tty2, 128.23.241.197, 6, task_id=292399 timezone=EST service=shell start_time=1270739508 priv-lvl=1 cmd=terminal length 0 <cr>
> Thu Apr 8 11:11:48 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: <142><185><227><203><223>.<213><1>y<166>K<12>-4<127><221>
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty2"
> Calling-Station-Id = "128.23.241.197"
> Class = "TACACS"
> User-Name = "adminbfn"
> Acct-Status-Type = Stop
> Acct-Session-Id = "3444111421"
> cisco-avpair = "task_id=292399"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739508"
> cisco-avpair = "priv-lvl=1"
> cisco-avpair = "cmd=terminal length 0 <cr>"
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:48 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:48 2010: DEBUG: Deleting session for adminbfn, 10.23.200.21,
> Thu Apr 8 11:11:48 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:48 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:48 2010: DEBUG: Accounting accepted
> Thu Apr 8 11:11:48 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Accounting-Response
> Identifier: UNDEF
> Authentic: <142><185><227><203><223>.<213><1>y<166>K<12>-4<127><221>
> Attributes:
>
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection result Accounting-Response
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:28090
> Thu Apr 8 11:11:48 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:53423
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 242754393, 142
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 15, 1, 1, adminbfn, tty2, 128.23.241.197, 6, task_id=292400 timezone=EST service=shell start_time=1270739508 priv-lvl=0 cmd=show mac-address-table <cr>
> Thu Apr 8 11:11:48 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: <226>h<132><219><178><222>`<135><4><2><9><253><239>0<183><191>
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty2"
> Calling-Station-Id = "128.23.241.197"
> Class = "TACACS"
> User-Name = "adminbfn"
> Acct-Status-Type = Stop
> Acct-Session-Id = "242754393"
> cisco-avpair = "task_id=292400"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739508"
> cisco-avpair = "priv-lvl=0"
> cisco-avpair = "cmd=show mac-address-table <cr>"
> OSC-Version-Identifier = "192"
>
> Thu Apr 8 11:11:48 2010: DEBUG: Handling request with Handler 'Class=TACACS'
> Thu Apr 8 11:11:48 2010: DEBUG: Deleting session for adminbfn, 10.23.200.21,
> Thu Apr 8 11:11:48 2010: DEBUG: Handling with Radius::AuthUNIX:
> Thu Apr 8 11:11:48 2010: DEBUG: AuthBy UNIX result: ACCEPT,
> Thu Apr 8 11:11:48 2010: DEBUG: Accounting accepted
> Thu Apr 8 11:11:48 2010: DEBUG: Packet dump:
> *** Reply to TACACSPLUS request:
> Code: Accounting-Response
> Identifier: UNDEF
> Authentic: <226>h<132><219><178><222>`<135><4><2><9><253><239>0<183><191>
> Attributes:
>
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection result Accounting-Response
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
> Thu Apr 8 11:11:48 2010: DEBUG: TacacsplusConnection disconnected from 10.23.200.21:53423
> Thu Apr 8 11:11:49 2010: DEBUG: New TacacsplusConnection created for 10.23.200.21:52203
> Thu Apr 8 11:11:49 2010: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 3055229668, 163
> Thu Apr 8 11:11:49 2010: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 1, 1, 1, adminbfn, tty2, 128.23.241.197, 8, task_id=292399 timezone=EST service=shell start_time=1270739508 disc-cause=9 disc-cause-ext=2 pre-session-time=0 elapsed_time=1
> Thu Apr 8 11:11:49 2010: DEBUG: TACACSPLUS derived Radius request packet dump:
> Code: Accounting-Request
> Identifier: UNDEF
> Authentic: H<26>V<146><155><231><2>&U<145>r<196>:<152>4<10>
> Attributes:
> NAS-IP-Address = 10.23.200.21
> NAS-Port-Id = "tty2"
> Calling-Station-Id = "128.23.241.197"
> Class = "TACACS"
> User-Name = "adminbfn"
> Acct-Status-Type = Stop
> Acct-Session-Id = "3055229668"
> cisco-avpair = "task_id=292399"
> cisco-avpair = "timezone=EST"
> cisco-avpair = "service=shell"
> cisco-avpair = "start_time=1270739508"
> cisco-avpair = "disc-cause=9"
> cisco-avpair = "disc-cause-ext=2"
> cisco-avpair = "pre-session-time=0"
> cisco-avpair = "elapsed_time=1"
> OSC-Version-Identifier = "192"
>
>
>
> Thanks
> Jay McNealy
>
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, April 07, 2010 5:37 PM
> To: User, Justin S
> Cc: radiator at open.com.au
> Subject: Re: TACACS loging issues
>
>
> Hello Jay -
>
> I am guessing that you are not receiving any accounting requests.
>
> Will need to see the trace 4 debug to say for sure.
>
> regards
>
> Hugh
>
>
> On 8 Apr 2010, at 05:58, User, Justin S wrote:
>
>> Hugh,
>> We are starting to use our server to handle tacacs+ requests and so far were working fine. One issue we are having is that the detail logs are not going to the specified directory. Instead their going to the main log file. Our configs below. Are we missing something?
>>
>>
>> <ServerTACACSPLUS>
>> Key key
>> Port 1024
>> AddToRequest Class=TACACS
>> </ServerTACACSPLUS>
>>
>> <Handler Class=TACACS>
>> AuthByPolicy ContinueUntilAccept
>> <AuthBy UNIX>
>> GroupFilename %D/group
>> Filename %D/passwd.nst
>> </AuthBy>
>>
>> AcctLogFileName %L/tacacs/%m%d%y.log
>>
>> </Handler>
>>
>>
>>
>> Thanks
>> Jay McNealy
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list