[RADIATOR] ServerTACACSPLUS logging improvements
Heikki Vatiainen
hvn at open.com.au
Mon May 30 04:31:03 CDT 2016
On 27.5.2016 16.04, Hartmaier Alexander wrote:
> The log messages emitted by ServerTACACSPLUS sadly lack all the standard
> Radius attributes like Handler:Identifier, User-Name, Client-Identifier etc.
> Is there a way to improve this situation?
We can, and have already thought about, adding $p (the current request
object, or sometimes $rp, the reply object) to a number of log messages
that happen within message context. That is, where $p or $rp is available.
The request/reply object should provide more information about handlers,
clients, etc.
> The log messages in question are:
> - Could not get peer name on TacacsplusConnection socket: Transport
> endpoint is not connected
Hmm, that's happening very early within server tacacsplus, so there's
no request, client, etc. available yet. Improvements here may be
small, if any.
> - Authorization permitted for $USERNAME at $IPADDR, group $GROUPNAME,
> args service=shell cmd*
Should be possible, not completely sure yet though.
> But there are also non-ServerTACACSPLUS messages that don't include
> those infos where it would be nice to know which Handler/AuthBy
> triggered them (those come from an AuthBy LDAP2, but which one?):
> - Connecting to 1.2.3.4:636 1.2.3.5:636
> - Connected to 1.2.3.4:636
> - Attempting to bind to LDAP server 1.2.3.4:636
These should be possible. Sometimes, for example with ClientList LDAP,
the functions that log these are not called within message context. In
other words, depending on the log caller, the call may or may not
include the request that provides Client etc. information.
I'll notify via this list when I have more information about these.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.