Re: [RADIATOR] Tacacs password issue
Hi, >We have a starange password issue on radiator tacacs.We setup password >length to 8.When user enter 7 character password access rejected,that is >ok.But when a user enters more than 8 characters(like 9,10 etc) He can >login to the related device.What can be the problem? if its standard DES then anything beyong the 8th char is ignored. alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Tacacs password issue
Hi, How are your passwords stored? DES/traditional crypt hashes chops off anything longer than 8 chars. Original message From: Murat Bilal Date: To: radiator@open.com.au Subject: [RADIATOR] Tacacs password issue Hi ALL, We have a starange password issue on radiator tacacs.We setup password length to 8.When user enter 7 character password access rejected,that is ok.But when a user enters more than 8 characters(like 9,10 etc) He can login to the related device.What can be the problem? Thanks___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Tacacs password issue
Hi ALL, We have a starange password issue on radiator tacacs.We setup password length to 8.When user enter 7 character password access rejected,that is ok.But when a user enters more than 8 characters(like 9,10 etc) He can login to the related device.What can be the problem? Thanks ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] SIGHUP restart and AuthByRADSEC opens an additional socket
Hi Radiator team, a SIGHUP to a running radiator (Version 4.11) opens an additional socket for AuthByRADSEC: before SIGHUP > mizar:.../~# netstat -f inet -P tcp -n | grep 193.*2083 > 134.60.Y.X.45917 193.174.Y.X.2083 64128 0 128872 0 ESTABLISHED after SIGHUP > mizar:.../~# netstat -f inet -P tcp -n | grep 193.*2083 > 134.60.Y.X.45917 193.174.Y.X.2083 64128 0 128872 0 ESTABLISHED > 134.60.Y.X.57680 193.174.Y.X.2083 9792 0 128872 0 ESTABLISHED Please verify it whether it's a general problem. Best Regards Charly -- Karl Gaissmaier Universität Ulm ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator 4.11: WARNING: Could not find AuthBy clause with Identifier ...
Hi Heikki,
Am 07.07.2013 21:19, schrieb Heikki Vatiainen:
...
> Yes, that seems to be it. Thanks everyone for locating the change. I was
> thrown off a bit since I was under the impression it fails with stock
> 4.11. That's not the case but the change is in the 4.11 patches. It's
> also not specific to Solaris either.
>
> We'll see what can be done for this.
the problem, I see with activation during config checks, is only with
socket bindings. As far as I see it's only used in:
> Radius/AddressAllocatorDHCP.pm
> Radius/ServerRADIUS.pm
> Radius/ServerTACACSPLUS.pm
> Radius/StreamServer.pm
Maybe you add a condition in this modules during activate() like ...
> | Radius/StreamServer.pm, sub activate()
> | 93,99c93,103
> | < bind($s, $paddr)
> | < || &main::log($main::LOG_ERR, "Could not bind StreamServer
> socket: $!");
> | < listen($s, Socket::SOMAXCONN)
> | < || &main::log($main::LOG_ERR, "Could not listen on StreamServer
> socket: $!");
> | < &Radius::Select::add_file(fileno($s), 1, undef, undef,
> | < \&handle_listen_socket_read, $s, $self);
> | < push(@{$self->{sockets}}, $s);
> | ---
> | > unless ( $self->isCheckingConfiguration ) {
> | > bind( $s, $paddr )
> | > || &main::log( $main::LOG_ERR,
> | > "Could not bind StreamServer socket: $!" );
> | > listen( $s, Socket::SOMAXCONN )
> | > || &main::log( $main::LOG_ERR,
> | > "Could not listen on StreamServer socket: $!" );
> | > &Radius::Select::add_file( fileno($s), 1, undef, undef,
> | > \&handle_listen_socket_read, $s, $self );
> | > push( @{ $self->{sockets} }, $s );
> | > }
Maybe we introduce other bugs in distance, sigh.
Best Regards
Charly
--
Karl Gaissmaier
Universität Ulm
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
