[RADIATOR] TACACS Configuration Issue
Heikki Vatiainen
hvn at open.com.au
Fri Aug 20 10:33:39 UTC 2021
On 19.8.2021 21.32, Johnson, Neil M wrote:
> I have the following in my radiator.conf
>
> # vSRX Clients
> AuthorizeGroup nes_vSRX_group permit service=junos-exec {
> local-user-name=tacplus-nes }
Spaces aren't allowed after '{'. Try this:
AuthorizeGroup nes_vSRX_group permit service=junos-exec
{local-user-name=tacplus-nes}
If you check the startup messages in Radiator's log, there should be
something like this:
Fri Aug 20 13:26:33 2021: ERR: Invalid reply item '
local-user-name=tacplus-nes ' in AuthorizeGroup rule: permit
service=junos-exec { local-user-name=tacplus-nes }
I looked at the configuration samples, reference manual and old versions
and it seems this has always been the case. It seems a bit strict,
though. I'll update the manual to be clear about this.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
More information about the radiator
mailing list