Hi,
We are using TACACS with
AuthLog FILE and logging the username from Access-Requests. Our config file
excerpts are below. The problem is that using %u we never see the username
logged from the User-Name attribute in the radius Access Request. Changing the
%u to %{User-Name} works with no problems.
Config
file:
<AuthLog
FILE>
Identifier AuthLogger
Filename %L/%Y%m%d-auth.log
SuccessFormat %l:%c:%u:OK
FailureFormat %l:%c:%u:FAIL
LogSuccess 1
LogFailure 1
</AuthLog>
Identifier AuthLogger
Filename %L/%Y%m%d-auth.log
SuccessFormat %l:%c:%u:OK
FailureFormat %l:%c:%u:FAIL
LogSuccess 1
LogFailure 1
</AuthLog>
<ServerTACACSPLUS>
Key
AddToRequest NAS-Identifier=TACACS
</ServerTACACSPLUS>
Key
AddToRequest NAS-Identifier=TACACS
</ServerTACACSPLUS>
<Realm
DEFAULT>
AuthLog AuthLogger
<AuthBy FILE>
Filename tacacs.users
</AuthBy>
AcctLogFileName %L/%Y%m%d-acct.log
</Realm>
AuthLog AuthLogger
<AuthBy FILE>
Filename tacacs.users
</AuthBy>
AcctLogFileName %L/%Y%m%d-acct.log
</Realm>
Authlog
result:
Tue Dec 2 16:05:25
2003:192.168.x.x.::OK
After changing the AuthLog
format to use %{User-Name} the logfile looks like:
Wed Dec 3 10:06:21
2003:192.168.x.x:justin:OK
Using radiator 3.7.1 with
latest patches.
Thanks
Steve