[RADIATOR] [External] Re: TACACS Configuration Issue

Johnson, Neil M neil-johnson at uiowa.edu
Mon Aug 23 21:14:11 UTC 2021

That was the issue. Thanks!

Neil Johnson (he/him/his)

-----Original Message-----
From: radiator <radiator-bounces at lists.open.com.au> On Behalf Of Heikki Vatiainen
Sent: Friday, August 20, 2021 5:34 AM
To: radiator at lists.open.com.au
Subject: [External] Re: [RADIATOR] TACACS Configuration Issue

On 19.8.2021 21.32, Johnson, Neil M wrote:

> I have the following in my radiator.conf
>      # vSRX Clients
>      AuthorizeGroup nes_vSRX_group permit service=junos-exec { 
> local-user-name=tacplus-nes }

Spaces aren't allowed after '{'. Try this:

AuthorizeGroup nes_vSRX_group permit service=junos-exec {local-user-name=tacplus-nes}

If you check the startup messages in Radiator's log, there should be something like this:

Fri Aug 20 13:26:33 2021: ERR: Invalid reply item ' 
local-user-name=tacplus-nes ' in AuthorizeGroup rule: permit service=junos-exec { local-user-name=tacplus-nes }

I looked at the configuration samples, reference manual and old versions 
and it seems this has always been the case. It seems a bit strict, 
though. I'll update the manual to be clear about this.


Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
radiator mailing list
radiator at lists.open.com.au

More information about the radiator mailing list