[RADIATOR] Authn/Acct split with TACACS+

Hugh Irvine hugh at open.com.au
Tue May 25 18:25:31 CDT 2010


Hello Andrew -

My personal preference is to run TACACS+ in a separate process to keep things a bit simpler.

In any case, it is usually easiest to write your configuration file with GlobalVars for the parameters that will change, then pass the GlobalVars in on the command line for each instance.

And for ports you don't use, rather than "0" you should use '' (two single quotes) which won't open any port at all.

Hope that helps.

regards

Hugh


On 26 May 2010, at 04:14, Andrew Clark wrote:

> Hi,
> 
> I'd like to split my Radiator into two instances; one for authentication and the other for accounting.  I'd also like to not split my configuration (too much).  This seems easy to do with the auth_port and acct_port parameters on the command line (I'm setting the acct_port to 0 on the authentication instance and vice versa).  The only wrinkle I seem to have is my ServerTACACSPLUS section, since both processes want to bind to the TACACS+ TCP port.  
> Any suggestions on how to handle this?  (A third instance for TACACS+?)
> 
> How do TACACS+ derived RADIUS requests get handled in this split model?
> 
> -- 
> Andrew D. Clark
> Network Operations Engineer
> University of Minnesota, Networking/Telecom Services
> 2218 University Ave SE
> Minneapolis, MN 55414-3029
> Phone: 612-626-4880
