[RADIATOR] Two IP addresses on the same network adapter

Remco van Noorloos rvannoorloos at proxsys.nl
Mon Oct 1 06:20:34 CDT 2012


Hi Heikki,

Where should I add the 'AuthPort' and 'AcctPort' attributes? In the ServerTACACSPLUS-clause?

Remco

-----Original message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On behalf of Heikki Vatiainen
Sent: Monday 1 October 2012 11:27
To: radiator at open.com.au
Subject: Re: [RADIATOR] Two IP addresses on the same network adapter

On 10/01/2012 10:09 AM, Remco van Noorloos wrote:

> A couple of weeks ago I implemented both TACACS and regular RADIUS 
> services on a Windows server with Radiator. I've assigned two IP 
> addresses to the network adapter. One is used for RADIUS requests, the 
> other for TACACS requests.

I agree with Hugh this is a good idea.

I would add these two lines in the TACACS+ instance configuration if they are not there already:

AuthPort
AcctPort

That will make sure the TACACS+ radiusd instance will not try to bind to RADIUS ports.  If you use BindAddress in ServerTACACSPLUS, it should only affect how binding to TACACS+ port is done.

Thanks,
Heikki


> After I did this I'm seeing strange behavior with RADIUS requests. I've 
> been monitoring this for a while now, and with RADIUS test requests one 
> moment I get an 'Access-Accept' message and a minute later a 'Socket 
> Error Connection reset by peer' error message. When this last error 
> occurs I don't see anything in the debug log (level 4). I've 
> configured Radiator to use a specific address using the 'BindAddress' 
> command on global level. For TACACS authentication I configured the 'BindAddress'
> in the ServerTACACSPLUS part of the config.
> 
> I'm trying to avoid using an extra server specific for TACACS 
> authentication because of waste of resources. Is there something I'm 
> missing here?
> 
> Thanks in advance for your answer.
> 
> Best regards,
> 
> PROXSYS
> 
> Remco
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 


--
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
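
The check suggested above, as an added example that is not part of the original thread and is not Radiator's own code: a small Python lint that reads a Radiator-style configuration and reports whether a TACACS+ instance still has its RADIUS ports enabled. It assumes the TACACS+ instance has its own configuration file, that the bare `AuthPort` and `AcctPort` lines sit at the global level (outside any clause), and that an absent parameter leaves the RADIUS port bound; the sample configs and the 192.0.2.11 address are constructed.

```python
# Added example: lint a Radiator-style config for the issue discussed above.
# Sample configs are constructed; 192.0.2.11 is a documentation-range placeholder.
TACACS_BEFORE = """\
LogDir .
<ServerTACACSPLUS>
    BindAddress 192.0.2.11
</ServerTACACSPLUS>
"""
TACACS_AFTER = "AuthPort\nAcctPort\n" + TACACS_BEFORE


def parse_global(config_text):
    """Return (global_params, top_level_clause_names).

    Only parameters outside every <Clause>...</Clause> are collected,
    so a BindAddress inside ServerTACACSPLUS is not mistaken for a global one.
    """
    params, clauses, depth = {}, [], 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            depth = max(depth - 1, 0)
        elif line.startswith("<"):
            if depth == 0:
                clauses.append(line.strip("<>").split()[0])
            depth += 1
        elif depth == 0:
            parts = line.split(None, 1)
            params[parts[0]] = parts[1] if len(parts) > 1 else ""
    return params, clauses


def radius_ports_still_bound(config_text):
    """List the RADIUS port parameters a TACACS+ instance has not blanked.

    Assumption: a parameter that is absent or has a value means the instance
    still binds that RADIUS port; only a bare 'AuthPort' / 'AcctPort' disables it.
    """
    params, clauses = parse_global(config_text)
    if "ServerTACACSPLUS" not in clauses:
        return []  # not a TACACS+ instance, nothing to check
    return [p for p in ("AuthPort", "AcctPort") if params.get(p) != ""]


if __name__ == "__main__":
    print("before:", radius_ports_still_bound(TACACS_BEFORE))
    print("after: ", radius_ports_still_bound(TACACS_AFTER))
```
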