[RADIATOR] TACACS authorization without authentication

Vangelis Kyriakakis vkyriak at forthnet.gr
Thu Apr 22 04:12:26 CDT 2010


Hello Hugh,

Thanks for the answer. This I guess still needs an authentication packet 
to work. What I want to do is to send these cisco-avpairs as a reply to 
an authorization packet without making an authentication.

This is what I have as input to Radiator (Trace 4 log):

Thu Apr 15 16:27:16 2010: DEBUG: New TacacsplusConnection created for 
194.219.252.130:42362
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection request 192, 2, 1, 
0, 1403095764, 71
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection Authorization 
REQUEST 16, 1, 1, 1, dnis:xxxxxxx, Async94, XXXXXXXXXX/xxxxxxx, 2, 
service=ppp protocol=vpdn
Thu Apr 15 16:27:16 2010: DEBUG: AuthorizeGroup rule match found: permit 
.* { }
Thu Apr 15 16:27:16 2010: INFO: Authorization permitted for 
dnis:xxxxxxx, group DEFAULT, args service=ppp protocol=vpdn
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection Authorization 
RESPONSE 1, , ,
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection disconnected from 
194.219.252.130:42362
Thu Apr 15 16:27:16 2010: DEBUG: New TacacsplusConnection created for 
194.219.252.130:42363
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection request 192, 2, 1, 
0, 2621224921, 72
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection Authorization 
REQUEST 16, 1, 1, 1, radiustest.gr, Async94, XXXXXXXXXX/xxxxxxx, 2, 
service=ppp protocol=vpdn
Thu Apr 15 16:27:16 2010: DEBUG: AuthorizeGroup rule match found: permit 
.* { }
Thu Apr 15 16:27:16 2010: INFO: Authorization permitted for 
radiustest.gr, group DEFAULT, args service=ppp protocol=vpdn
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection Authorization 
RESPONSE 1, , ,
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection disconnected from 
194.219.252.130:42363

What I want to do is to reply to this request with the vpdn attributes 
for the radiustest.gr domain.

Regards
Vangelis

On 17/4/2010 12:39 AM, Hugh Irvine wrote:
> Hello Vangelis -
>
> There is an example in the "users" file included in the Radiator distribution.
>
> Here it is:
>
>
> # This example shows how to configure a Cisco VPDN circuit:
> open.com.au     User-Password=cisco, Service-Type=Outbound-User
>          cisco-avpair = "vpdn:tunnel-id=cca-gw",
>          cisco-avpair = "vpdn:ip-addresses=1.2.3.4",
>          cisco-avpair = "vpdn:nas-password=pw",
>          cisco-avpair = "vpdn:gw-password=pw"
>
>
> Note that this is returned from the RADIUS request processing that is issued by ServerTACACSPLUS.
>
> regards
>
> Hugh
>
>
> On 16 Apr 2010, at 22:44, Vangelis Kyriakakis wrote:
>
>    
>> Hello,
>>
>>     How can I configure ServerTACACSPLUS to do per domain authorizations
>> without authenticating the users first?
>>     I would like to be able to use the following tacacs configuration:
>>
>> user = domain.gr {
>>               service = ppp protocol = vpdn {
>>               tunnel-type = l2tp
>>               tunnel-id = F_DOMAIN
>>               vpdn-group = F_DOMAIN
>>               l2tp-tunnel-authen=no
>>               ip-addresses = "xxx.xxx.xxx.xxx"
>>            }
>> }
>>
>>             Regards
>>                Vangelis Kyriakakis
>>                FORTHnet S.A.
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>      
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
>    
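
Added example, not part of the original thread and not Radiator code: a parser for the Trace 4 lines quoted in the message. It pairs each TACACS+ Authorization REQUEST with the AuthorizeGroup rule that matched and with the RESPONSE, then lists the users who were permitted but got no AV pairs back. The field order on the REQUEST and RESPONSE lines is an assumption based on the TACACS+ packet layout, and the function names are illustrative.

```python
import re

# Constructed sample: the second exchange from the Trace 4 log in the
# message above, with the mail client's line wrapping kept.
SAMPLE = """\
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection request 192, 2, 1,
0, 2621224921, 72
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection Authorization
REQUEST 16, 1, 1, 1, radiustest.gr, Async94, XXXXXXXXXX/xxxxxxx, 2,
service=ppp protocol=vpdn
Thu Apr 15 16:27:16 2010: DEBUG: AuthorizeGroup rule match found: permit
.* { }
Thu Apr 15 16:27:16 2010: DEBUG: TacacsplusConnection Authorization
RESPONSE 1, , ,
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: (\w+): (.*)$")

def unwrap(text):
    """Rejoin wrapped continuation lines; return [[level, message], ...]."""
    out = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            out.append([m.group(1), m.group(2).strip()])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return out

def exchanges(text):
    """Pair each Authorization REQUEST with its rule match and RESPONSE."""
    found, cur = [], None
    for _, msg in unwrap(text):
        if "Authorization REQUEST" in msg:
            # Assumed order: authen_method, priv_lvl, authen_type,
            # authen_service, user, port, rem_addr, arg_cnt, args
            f = [x.strip() for x in msg.split("REQUEST", 1)[1].split(",", 8)]
            cur = {"user": f[4], "port": f[5], "args": f[8].split(), "rule": None}
        elif cur and "rule match found:" in msg:
            cur["rule"] = msg.split("found:", 1)[1].strip()
        elif cur and "Authorization RESPONSE" in msg:
            # Assumed order: status, server_msg, data, reply args
            f = [x.strip() for x in msg.split("RESPONSE", 1)[1].split(",")]
            cur["status"], cur["reply_args"] = int(f[0]), [a for a in f[3:] if a]
            found.append(cur)
            cur = None
    return found

def permits_without_avpairs(text):
    """Users permitted (status 1, PASS_ADD) whose reply carried no AV pairs."""
    return [e["user"] for e in exchanges(text) if e["status"] == 1 and not e["reply_args"]]
```
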

