[RADIATOR] Tacacs Authentication to survive reloads ?

Patrik Forsberg patrik.forsberg at ip-only.se
Mon May 7 03:52:24 CDT 2012


> Hello James, Patrik,
> 
> returning back to this subject after some more investigation, please see
> below.
> 
> > Sorry for not chiming in earlier...I'm also dealing with the same
> > problem -- TACACS+ reload results in dozens of network device
> > authentications getting lost. I suppose this becomes problematic when
> > you have a network of my size (2500+ devices).
> 
> Hmm, since you both need to reload the server, would there be any
> possibility to do away with this need? You did not tell why you need to
> restart the server, so maybe this is something that could be changed?
> 
> > Would it be possible to reinstate functionality that would allow the
> > TACACS+ server to survive a reload? That would be very, very helpful!
> 
> I mentioned the AuthorizeGroup changes were the reason for this change,
> but I was told there are more reasons too, such as response from the
> original authentication, any related cisco-avpairs and such. So it looks
> like there is no good way to recover the old functionality.
> 
> So maybe the need for reloading Radiator could be made less frequent?

Sorry for the late response, been on vacation :), but the issue appears for example when you need to add/remove a client or make any kind of configuration change.
So even if we do keep the frequency down as much as possible it still annoys the people that need to use the service.

There are a lot of automated systems that do random logins to various systems that use TACACS as an authentication method, and if for some reason, like adding a new client, it ain't allowed to run its commands, it could be devastating to the network(s).

Regards,
Patrik


