[RADIATOR] Tacacs Authentication to survive reloads ?
Heikki Vatiainen
hvn at open.com.au
Mon Apr 30 04:01:33 CDT 2012
On 04/16/2012 03:58 PM, James wrote:
Hello James, Patrik,
returning back to this subject after some more investigation, please see
below.
> Sorry for not chiming in earlier...I'm also dealing with the same
> problem -- TACACS+ reload results in dozens of network device
> authentications getting lost. I suppose this becomes problematic when
> you have a network of my size (2500+ devices).
Hmm, since you both need to reload the server, would there be any
possibility to do away with this need? You did not tell why you need to
restart the server, so maybe this is something that could be changed?
> Would it be possible to reinstate functionality that would allow the
> TACACS+ server to survive a reload? That would be very, very helpful!
I mentioned the AuthorizeGroup changes were the reason for this change,
but I was told there are more reasons too, such as response from the
original authentication, any related cisco-avpairs and such. So it looks
like there is no good way to recover the old functionality.
So maybe the need for reloading Radiator could be made less frequent?
Thanks!
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list