[RADIATOR] Tacacs Authentication to survive reloads ?

James jtp at nc.rr.com
Mon Apr 30 18:32:04 CDT 2012


Can you provide a snippet of configuration for your tacacs+
configuration, if you don't mind?

-james

On Mon, Apr 30, 2012 at 19:24, David Heinz <heinzdb at corp.earthlink.com> wrote:
> You could use a ClientListSQL or ClientListLDAP to store your clients and
> then instruct it to reload the client list every X seconds.
> This is what I do and it works great. When you want to add a client you
> just add them to the database.
> Dave
>
>
>
> On 4/30/12 7:09 PM, "James" <jtp at nc.rr.com> wrote:
>
>>I generally have to bounce the daemon when I add a new device to the
>>TACACS+ configuration file (which happens often enough to cause
>>problems).
>>
>>Is there a way to have radiator re-read the configuration file instead
>>of stopping and then starting the daemon again?
>>
>>-james
>>
>>
>>On Mon, Apr 30, 2012 at 05:01, Heikki Vatiainen <hvn at open.com.au> wrote:
>>> On 04/16/2012 03:58 PM, James wrote:
>>>
>>> Hello James, Patrik,
>>>
>>> returning back to this subject after some more investigation, please see
>>> below.
>>>
>>>> Sorry for not chiming in earlier...I'm also dealing with the same
>>>> problem -- TACACS+ reload results in dozens of network device
>>>> authentications getting lost. I suppose this becomes problematic when
>>>> you have a network of my size (2500+ devices).
>>>
>>> Hmm, since you both need to reload the server, would there be any
>>> possibility to do away with this need? You did not tell why you need to
>>> restart the server, so maybe this is something that could be changed?
>>>
>>>> Would it be possible to reinstate functionality that would allow the
>>>> TACACS+ server to survive a reload? That would be very, very helpful!
>>>
>>> I mentioned the AuthorizeGroup changes were the reason for this change,
>>> but I was told there are more reasons too, such as response from the
>>> original authentication, any related cisco-avpairs and such. So it looks
>>> like there is no good way to recover the old functionality.
>>>
>>> So maybe the need for reloading Radiator could be made less frequent?
>>>
>>> Thanks!
>>> Heikki
>>>
>>> --
>>> Heikki Vatiainen <hvn at open.com.au>
>>>
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>> NetWare etc.
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>

