(RADIATOR) Username missing from AuthLog using TACACS
Hi,

We are using TACACS with AuthLog FILE and logging the username from Access-Requests. Our config file excerpts are below. The problem is that using %u we never see the username logged from the User-Name attribute in the radius Access Request. Changing the %u to %{User-Name} works with no problems.

Config file:

    <AuthLog FILE>
        Identifier AuthLogger
        Filename %L/%Y%m%d-auth.log
        SuccessFormat %l:%c:%u:OK
        FailureFormat %l:%c:%u:FAIL
        LogSuccess 1
        LogFailure 1
    </AuthLog>

    <ServerTACACSPLUS>
        Key
        AddToRequest NAS-Identifier=TACACS
    </ServerTACACSPLUS>

    <Realm DEFAULT>
        AuthLog AuthLogger
        <AuthBy FILE>
            Filename tacacs.users
        </AuthBy>
        AcctLogFileName %L/%Y%m%d-acct.log
    </Realm>

Authlog result:

    Tue Dec 2 16:05:25 2003:192.168.x.x.::OK

After changing the AuthLog format to use %{User-Name} the logfile looks like:

    Wed Dec 3 10:06:21 2003:192.168.x.x:justin:OK

Using radiator 3.7.1 with latest patches.

Thanks
Steve
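Added example (not part of the original post and not Radiator code): a check over AuthLog files written with the `%l:%c:%u:OK` / `%l:%c:%u:FAIL` formats from the post above, reporting records whose username field is empty. The function names are hypothetical and the sample lines are constructed.

```python
"""Flag AuthLog records that were written without a user name.

Assumes the SuccessFormat/FailureFormat from the post:
    %l:%c:%u:OK   and   %l:%c:%u:FAIL
(%l = timestamp, %c = client address, %u = user name).
"""

# Constructed sample lines in the format shown in the post.
SAMPLE_LOG = """\
Tue Dec  2 16:05:25 2003:192.0.2.10::OK
Wed Dec  3 10:06:21 2003:192.0.2.10:justin:OK
Wed Dec  3 10:07:02 2003:192.0.2.11::FAIL
this line is not an AuthLog record
"""


def parse_authlog_line(line):
    """Return (timestamp, client, user, result), or None if malformed.

    The timestamp itself contains colons, so the three trailing fields
    are peeled off from the right instead of splitting from the left.
    """
    parts = line.rstrip("\n").rsplit(":", 3)
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    timestamp, client, user, result = parts
    return timestamp, client, user, result


def audit_usernames(text):
    """Return (missing, malformed): 1-based line numbers of records with
    an empty user field, and of lines that do not match the format."""
    missing, malformed = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # ignore blank lines
        record = parse_authlog_line(line)
        if record is None:
            malformed.append(number)
        elif record[2] == "":
            missing.append(number)
    return missing, malformed


if __name__ == "__main__":
    missing, malformed = audit_usernames(SAMPLE_LOG)
    print("records without a user name:", missing)
    print("unparseable lines:", malformed)
```

A user name or an IPv6 client address that contains a colon makes this colon-delimited format ambiguous, so the right-hand split is only reliable when those fields cannot contain the delimiter.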
(RADIATOR) Propel Dictionary
Hey guys,

I want to add some attributes to the dictionary file or create a new one for Propel. Can you guide me please? They are:

    VENDOR      Propel                          14895
    ATTRIBUTE   Propel-Accelerate               1   integer
    ATTRIBUTE   Propel-Dialed-Digits            2   string
    ATTRIBUTE   Propel-Client-IP-Address        3   ipaddr
    ATTRIBUTE   Propel-Client-NAS-IP-Address    4   ipaddr
    ATTRIBUTE   Propel-Client-Source-ID         5   integer

Thanks,
Craig.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Propel Dictionary
Hello Craig -

I have added these attributes to the dictionary and I will send you the modified version in a separate mail. It will also be available in the patches area later today.

regards

Hugh

On 04/12/2003, at 7:06 AM, Craig Gittens wrote:

> Hey guys,
>
> I want to add some attributes to the dictionary file or create a new one for Propel. Can you guide me please? They are:
>
>     VENDOR      Propel                          14895
>     ATTRIBUTE   Propel-Accelerate               1   integer
>     ATTRIBUTE   Propel-Dialed-Digits            2   string
>     ATTRIBUTE   Propel-Client-IP-Address        3   ipaddr
>     ATTRIBUTE   Propel-Client-NAS-IP-Address    4   ipaddr
>     ATTRIBUTE   Propel-Client-Source-ID         5   integer
>
> Thanks,
> Craig.

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
- Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
- CATool: Private Certificate Authority for Unix and Unix-like systems.
Re: (RADIATOR) Username missing from AuthLog using TACACS
Hello Steve,

On Wed, 3 Dec 2003 10:41 pm, Steve Rogers wrote:

> Hi,
>
> We are using TACACS with AuthLog FILE and logging the username from Access-Requests. Our config file excerpts are below. The problem is that using %u we never see the username logged from the User-Name attribute in the radius Access Request. Changing the %u to %{User-Name} works with no problems.

Thanks for reporting this. We have issued a patch that should fix this problem, and attached a new ServerTACACSPLUS.pm for you to test.

We apologise for this problem.

Cheers.

> Config file:
>
>     <AuthLog FILE>
>         Identifier AuthLogger
>         Filename %L/%Y%m%d-auth.log
>         SuccessFormat %l:%c:%u:OK
>         FailureFormat %l:%c:%u:FAIL
>         LogSuccess 1
>         LogFailure 1
>     </AuthLog>
>
>     <ServerTACACSPLUS>
>         Key
>         AddToRequest NAS-Identifier=TACACS
>     </ServerTACACSPLUS>
>
>     <Realm DEFAULT>
>         AuthLog AuthLogger
>         <AuthBy FILE>
>             Filename tacacs.users
>         </AuthBy>
>         AcctLogFileName %L/%Y%m%d-acct.log
>     </Realm>
>
> Authlog result:
>
>     Tue Dec 2 16:05:25 2003:192.168.x.x.::OK
>
> After changing the AuthLog format to use %{User-Name} the logfile looks like:
>
>     Wed Dec 3 10:06:21 2003:192.168.x.x:justin:OK
>
> Using radiator 3.7.1 with latest patches.
>
> Thanks
> Steve

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd          Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.

# ServerTACACSPLUS.pm
#
# Object for receiving TACACS+ requests and satisfying them
# Incoming TACACS+ authentication requests are converted into
# Radius requests. ASCII, PAP, CHAP and MSCHAP are supported.
# Incoming TACACS+ authorization requests are always approved,
# and any cisco-avpair reply items from the previous Radius Access-Accept are
# used as authorization attribute-value pairs
# Incoming TACACS+ accounting requests are converted into Radius
# accounting requests.
#
# Based on draft-grant-tacacs-02.txt
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 2003 Open System Consultants
# $Id: ServerTACACSPLUS.pm,v 1.15 2003/12/03 22:03:42 mikem Exp mikem $

package Radius::ServerTACACSPLUS;
@ISA = qw(Radius::Configurable);
use Radius::Configurable;
use Radius::Context;
use Digest::MD5;
use Socket;
use strict;

# Version numbers
$Radius::ServerTACACSPLUS::TAC_PLUSMAJOR_VERSION = 0xc;
$Radius::ServerTACACSPLUS::TAC_PLUS_MINOR_VERSION_DEFAULT = 0;
$Radius::ServerTACACSPLUS::TAC_PLUSMINOR_VERSION_ONE = 1;

# Request types
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN = 1;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHOR = 2;
$Radius::ServerTACACSPLUS::TAC_PLUS_ACCT = 3;

# Flags
$Radius::ServerTACACSPLUS::TAC_PLUS_UNENCRYPTED_FLAG = 0x01; # Not really used!
$Radius::ServerTACACSPLUS::TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04;

# Authentication Start actions
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_LOGIN = 1;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_CHPASS = 2;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SENDPASS = 3;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SENDAUTH = 4;

# Authentication Start privilege levels
$Radius::ServerTACACSPLUS::TAC_PLUS_PRIV_LVL_MAX = 0x0f;
$Radius::ServerTACACSPLUS::TAC_PLUS_PRIV_LVL_ROOT = 0x0f;
$Radius::ServerTACACSPLUS::TAC_PLUS_PRIV_LVL_USER = 0x01;
$Radius::ServerTACACSPLUS::TAC_PLUS_PRIV_LVL_MIN = 0x00;

# Authentication Start authentication types
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_TYPE_ASCII = 1;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_TYPE_PAP = 2;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_TYPE_CHAP = 3;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_TYPE_ARAP = 4;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_TYPE_MSCHAP = 5;

# Authentication Start service types
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_NONE = 0;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_LOGIN = 1;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_ENABLE = 2;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_PPP = 3;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_ARAP = 4;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_PT = 5;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_RCMD = 6;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_X25 = 7;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_NASI = 8;
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_SVC_FWPROXY = 9;

# Authentication Start status types
$Radius::ServerTACACSPLUS::TAC_PLUS_AUTHEN_STATUS_PASS = 1;
Re: (RADIATOR) Propel Dictionary
Hi.

You can include in your dictionary the attributes in this schema.

    VENDORATTR 14895 Propel-Accelerate 1 integer

JC.

On Wed, 2003-12-03 at 15:06, Craig Gittens wrote:

> Hey guys,
>
> I want to add some attributes to the dictionary file or create a new one for Propel. Can you guide me please? They are:
>
>     VENDOR      Propel                          14895
>     ATTRIBUTE   Propel-Accelerate               1   integer
>     ATTRIBUTE   Propel-Dialed-Digits            2   string
>     ATTRIBUTE   Propel-Client-IP-Address        3   ipaddr
>     ATTRIBUTE   Propel-Client-NAS-IP-Address    4   ipaddr
>     ATTRIBUTE   Propel-Client-Source-ID         5   integer
>
> Thanks,
> Craig.

--
Julio Cesar Pinto [EMAIL PROTECTED]
IFX NETWORKS
Re: (RADIATOR) defunct processes
Hello Daniel -

I can't tell from your configuration file what might be happening. The only thing I can guess is perhaps your startup script is starting more than one instance.

What hardware/software platform are you running on and what processes are you seeing? Also, what versions of Radiator and Perl are you running?

regards

Hugh

On 04/12/2003, at 4:21 AM, Daniel Bendersky wrote:

> Hi,
>
> Sorry for being too late to send you the conf file; I was in the middle of a migration without much time and the configuration is split into a lot of parts, so I joined them to send to you.
>
> Let me know if you find something that can cause the defuncts.
>
> thanks!