[RADIATOR] Tacacs Authentication to survive reloads ?

[Hugh Irvine]

Hello Patrick -

See the following in "doc/ref.pdf":


5.88.12 GroupCacheFile

ServerTACACSPLUS can maintain a cache of username->tacacacs_group_name for use if Radiator is restarted between Tacacs authorization and authentication. Defaults to /tmp/radiator-tacacs-usergroup.cache.


regards

Hugh


On 13 Apr 2012, at 00:49, Patrik Forsberg wrote:

> Hi,
> 
> Is there a way to make tacacs+ authentications to survive radiator reload/restart ?
> 
> As we're using Radiator to authenticate/account and authorize commands on various equipment it gets quite annoying when a restart/reload is done and the users have to re-login to be able to continue working.
> The current implementation seem to forget about the authentication and simply reply with a deny and log
> "
> INFO: Authorization denied for <user> at <host>: No context found. Expired?
> "
> which from my reading means that the authentication has timed out - it's not but radiator thinks so as it can't find an active authentication from the user(?).
> 
> I remember that in a previous version of Radiator, not sure about version.. think it was 3.something, there were no problem reloading/restarting Radiator.
> 
> Would it be possible to make a CacheReplyHook(or if there is a PreShutdownHook?)/StartupHook that save/restore the sessions or something ? :)
> 
> 
> (I'm currently using latest 4.9 with patch set from 2/4-2012)
> Regards,
> Patrik Forsberg
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.