[RADIATOR] TACACS Authorisation sessions across reloads in 4.9

Patrik Forsberg patrik.forsberg at ip-only.se
Fri Jun 8 02:32:09 CDT 2012


Hello,

Sorry for being slow to answer this!
This is exactly the functionality I wished for.
One thing thou. Is it possible to modify the 24 hour limit to follow "AuthorizationTimeout" clause instead of a static value ?

What's the word from OSC ? is it possible that this could find its way into a patchset or next release ?
Or does it break something unforeseen ?

Mvh,
Patrik Forsberg

From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Jason Griffith
Sent: Wednesday, May 30, 2012 8:45 PM
To: radiator at open.com.au
Subject: [RADIATOR] TACACS Authorisation sessions across reloads in 4.9

Hello,

I've recently been toying with Radiator 4.9 as we are planning on upgrading from 4.5 and have come across this TACACS+ session issue where command authorisations fail after Radiator is reloaded even when the session is saved to the temporary TACACS sessions file. I could not get this to function correctly with standard configuration listed in the manual.

As I can't compromise on the frequency of Radiator reloads due to our integration with other upstream systems, I instead modified the Radius/ServerTACACSPLUS.pm file (see attached). I've done a couple of things here - move the check for a valid context to after the point where the temporary file is read; and also added a timestamp to the session file so that any sessions older than 24 hours will not authorise. My initial testing of this is positive and I have not come across anything unexpected.

My question to the group is - are there any side effects to this of which I may not be aware of or any other features that I'm not using right now that may be broken? Being only familiar with the features we use and our other customisations I thought it best to throw this out there.

Thanks for any feed back.

Jason Griffith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20120608/6ffd43a7/attachment.html 


More information about the radiator mailing list