[RADIATOR] TACACS Configuration Issue

Johnson, Neil M neil-johnson at uiowa.edu
Thu Aug 19 18:32:05 UTC 2021 

I have the following in my radiator.conf

    # vSRX Clients
    AuthorizeGroup nes_vSRX_group permit service=junos-exec { local-user-name=tacplus-nes }

But I'm seeing this in a trace log:

a824d200 Thu Aug 19 13:10:41 2021 280832: DEBUG: AuthBy GROUP result: ACCEPT,
a824d200 Thu Aug 19 13:10:41 2021 280910: DEBUG: Access accepted for nmjoo
Thu Aug 19 13:10:41 2021: AUTH: User nmjoo SUCCESSFULLY authenticated to device 128.255.97.28 ()
a824d200 Thu Aug 19 13:10:41 2021 281168: DEBUG: Packet dump:
a824d200 *** Reply to TACACSPLUS request:
a824d200 Code:       Access-Accept
a824d200 Identifier: UNDEF
a824d200 Authentic:  <26><131>0<175><129><6><1><132>'<225><175>]<200><248>l<175>
a824d200 Attributes:
a824d200        tacacsgroup = nes_vSRX_group

00000000 Thu Aug 19 13:10:41 2021 281237: DEBUG: TacacsplusConnection result Access-Accept
00000000 Thu Aug 19 13:10:41 2021 281355: DEBUG: TacacsplusConnection Authentication REPLY 1, 0, ,
00000000 Thu Aug 19 13:10:41 2021 281473: DEBUG: Stream disconnected from 128.255.97.28 (128.255.97.28 port 60548)
00000000 Thu Aug 19 13:10:41 2021 283729: DEBUG: StreamServer: New connection from 128.255.97.28 port 60549
00000000 Thu Aug 19 13:10:41 2021 287277: DEBUG: Stream connected to 128.255.97.28 (128.255.97.28 port 60549)
00000000 Thu Aug 19 13:10:41 2021 287612: DEBUG: New StreamServer Connection created for 128.255.97.28 port 60549
00000000 Thu Aug 19 13:10:41 2021 287925: DEBUG: TacacsplusConnection request 192, 2, 1, 4, 3717832497, 49
00000000 Thu Aug 19 13:10:41 2021 288216: DEBUG: TacacsplusConnection Authorization REQUEST 1, 1, 1, 0, nmjoo at ui, , 128.255.204.18, 1, service=junos-exec
00000000 Thu Aug 19 13:10:41 2021 288494: DEBUG: AuthorizeGroup rule match found: permit service=junos-exec {  } {  }
00000000 Thu Aug 19 13:10:41 2021 288643: INFO: Authorization permitted for nmjoo at ui at 128.255.97.28, group nes_vSRX_group, args service=junos-exec
00000000 Thu Aug 19 13:10:41 2021 288790: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , ,
00000000 Thu Aug 19 13:10:41 2021 289506: ERR: Stream sysread for 128.255.97.28 (128.255.97.28 port 60549) failed: . Peer probably disconnected.
00000000 Thu Aug 19 13:10:41 2021 289710: DEBUG: Stream disconnected from 128.255.97.28 (128.255.97.28 port 60549)

What am I doing wrong?

Thanks!
-Neil


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20210819/d1c7d9d3/attachment.html>

More information about the radiator mailing list