Hi,

I have been tasked with getting our new Infinera infrastructure to authenticate against our Radiator servers.
The catch here is that our current configuration is TACACS+ for our Cisco equipment and the Infinera kit only supports RADIUS. We wanted to use the same database (example below) so that our engineers would have the same credentials and access levels across both environments.

| test  | {SSHA}**** | tacacsgroup = admin    |
| test2 | {SSHA}**** | tacacsgroup = readonly |

I have a working solution but was wondering if there was a more elegant way, keeping in mind that I probably can't touch the database.

<Realm DEFAULT>
    AuthByPolicy ContinueUntilAccept
    <AuthBy SQL>
        Identifier tacacsauth
        DBSource dbi:mysql:tacacs
        DBUsername radius
        DBAuth *********
        NoDefault
        NoDefaultIfFound
        IgnoreAccounting
        FailureBackoffTime 10
        AuthSelect select password, checkattr, replyattr \
            from tacacsUser \
            where username=%0 \
            and replyattr rlike "admin$"
        AuthColumnDef 0, Encrypted-Password, check
        AddToReply Infinera-User-Priv-SA = SA-PRIVILEGED,\
            Infinera-User-Priv-NE = NE-PRIVILEGED,\
            Infinera-User-Priv-NA = NA-PRIVILEGED,\
            Infinera-User-Priv-PR = PR-PRIVILEGED,\
            Infinera-User-Priv-TT = TT-PRIVILEGED,\
            Infinera-User-AdminDomain = "FX,LAB",\
            Infinera-User-Max-Concurrent-Session =2,\
            Infinera-User-Allowed-Timezone-Config = TIMEZONE-CONFIG-ALLOW,\
            Infinera-User-TimeZone = "IST",\
            Service-Type = Framed-User,\
            Framed-Protocol = PPP,\
            Framed-IP-Netmask = 255.255.255.255,\
            Framed-Routing = None,\
            Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP
    </AuthBy>
    <AuthBy SQL>
        Identifier tacacsauth
        DBSource dbi:mysql:tacacs
        DBUsername radius
        DBAuth iepu0oeC
        NoDefault
        NoDefaultIfFound
        IgnoreAccounting
        FailureBackoffTime 10
        AuthSelect select password, checkattr, replyattr \
            from tacacsUser \
            where username=%0 \
            and replyattr rlike "readonly$"
        AuthColumnDef 0, Encrypted-Password, check
        AddToReply Infinera-User-Priv-SA = SA-NONPRIVILEGED,\
            Infinera-User-Priv-NE = NE-NONPRIVILEGED,\
            Infinera-User-Priv-NA = NA-NONPRIVILEGED,\
            Infinera-User-Priv-PR = PR-NONPRIVILEGED,\
            Infinera-User-Priv-TT = TT-NONPRIVILEGED,\
            Infinera-User-Priv-MA = MA-PRIVILEGED,\
            Infinera-User-AdminDomain = "FX,LAB",\
            Infinera-User-Max-Concurrent-Session =2,\
            Infinera-User-Allowed-Timezone-Config = TIMEZONE-CONFIG-ALLOW,\
            Infinera-User-TimeZone = "IST",\
            Service-Type = Framed-User,\
            Framed-Protocol = PPP,\
            Framed-IP-Netmask = 255.255.255.255,\
            Framed-Routing = None,\
            Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP
    </AuthBy>
</Realm>

Any ideas would be appreciated.

Regards
Derick
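
Added example, not part of the original post: the two `rlike` filters in the configuration match on a suffix, so any group name ending in `admin` or `readonly` would select that privilege profile. The Python below models that filter beside an exact group lookup that rejects unknown groups; the function names, the rows for test3 and test4, the case-insensitive match and the two-attribute subset of each AddToReply list are assumptions.

```python
import re

# Reply profiles keyed by exact TACACS+ group name. Values are a subset of the
# AddToReply lists in the post; the dictionary itself is an assumption.
PROFILES = {
    "admin": {"Infinera-User-Priv-SA": "SA-PRIVILEGED",
              "Infinera-User-Priv-NE": "NE-PRIVILEGED"},
    "readonly": {"Infinera-User-Priv-SA": "SA-NONPRIVILEGED",
                 "Infinera-User-Priv-NE": "NE-NONPRIVILEGED"},
}

# Must match the whole replyattr column, in the form shown in the post's table.
GROUP_RE = re.compile(r"\s*tacacsgroup\s*=\s*([A-Za-z0-9_-]+)\s*")


def suffix_match(replyattr, suffix):
    """Model of the post's `replyattr rlike "<suffix>$"` filter.

    Assumes a case-insensitive column collation, hence IGNORECASE.
    """
    return re.search(re.escape(suffix) + "$", replyattr, re.IGNORECASE) is not None


def profile_for(replyattr):
    """Exact group lookup; a malformed or unknown group yields None (reject)."""
    m = GROUP_RE.fullmatch(replyattr)
    return PROFILES.get(m.group(1)) if m else None


def audit(rows):
    """List (user, group) pairs where the suffix filter would hand out a
    profile that the exact lookup would not."""
    flagged = []
    for user, replyattr in rows:
        for group, profile in PROFILES.items():
            if suffix_match(replyattr, group) and profile_for(replyattr) is not profile:
                flagged.append((user, group))
    return flagged


# Constructed rows: test and test2 mirror the post's table, the rest are hypothetical.
ROWS = [
    ("test", "tacacsgroup = admin"),
    ("test2", "tacacsgroup = readonly"),
    ("test3", "tacacsgroup = netadmin"),
    ("test4", "tacacsgroup = noc-readonly"),
]

if __name__ == "__main__":
    for user, group in audit(ROWS):
        print(f"{user}: suffix filter would grant the {group} profile")
```

Running the same audit over an export of the real tacacsUser table shows whether any existing group name would be swept up by the suffix match before the RADIUS side goes live.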