[RADIATOR] Tacacs Authentication to survive reloads ?

David Heinz heinzdb at corp.earthlink.com
Mon Apr 30 18:24:06 CDT 2012


You could use a ClientListSQL or ClientListLDAP to store your clients and
then instruct it to reload the client list every X seconds.
This is what I do and it works great. When you want to add a client you
just add them to the database.
Dave



On 4/30/12 7:09 PM, "James" <jtp at nc.rr.com> wrote:

>I generally have to bounce the daemon when I add a new device to the
>TACACS+ configuration file (which happens often enough to cause
>problems).
>
>Is there a way to have Radiator re-read the configuration file instead
>of stopping and then starting the daemon again?
>
>-james
>
>
>On Mon, Apr 30, 2012 at 05:01, Heikki Vatiainen <hvn at open.com.au> wrote:
>> On 04/16/2012 03:58 PM, James wrote:
>>
>> Hello James, Patrik,
>>
>> returning back to this subject after some more investigation, please see
>> below.
>>
>>> Sorry for not chiming in earlier...I'm also dealing with the same
>>> problem -- TACACS+ reload results in dozens of network device
>>> authentications getting lost. I suppose this becomes problematic when
>>> you have a network of my size (2500+ devices).
>>
>> Hmm, since you both need to reload the server, would there be any
>> possibility to do away with this need? You did not tell why you need to
>> restart the server, so maybe this is something that could be changed?
>>
>>> Would it be possible to reinstate functionality that would allow the
>>> TACACS+ server to survive a reload? That would be very, very helpful!
>>
>> I mentioned the AuthorizeGroup changes were the reason for this change,
>> but I was told there are more reasons too, such as response from the
>> original authentication, any related cisco-avpairs and such. So it looks
>> like there is no good way to recover the old functionality.
>>
>> So maybe the need for reloading Radiator could be made less frequent?
>>
>> Thanks!
>> Heikki
>>
>> --
>> Heikki Vatiainen <hvn at open.com.au>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>> NetWare etc.
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
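
A minimal Radiator configuration fragment for the approach described in the reply at the top of this thread, added here as an illustration and not taken from any poster's actual configuration. The DSN, account name, password placeholder and 300-second interval are constructed values, and with no query configured the clause relies on its default client query.

```conf
# Added illustration, not from the thread. All values are constructed placeholders.
<ClientListSQL>
    # Database that holds the client (network device) records
    DBSource        dbi:mysql:radius
    # Account used for the lookup; the clause only reads the client table
    DBUsername      radiator_ro
    DBAuth          CHANGE_ME
    # Re-read the client list from the database every 300 seconds, so a newly
    # added device is picked up without stopping and starting the daemon
    RefreshPeriod   300
</ClientListSQL>
```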