s
causes most of my duplicates to vanish..
I'm using an AuthBy Group that has ContinueUntilAccept set and even when a user
gets rejected it simply continues.. which would be the natural thing with
ContinueUntilAccept but this also causes the rejected login to become "
e the externals wait longer for a response ?
I'll try to catch this in a trace4 with logmicroseconds.
Regards,
Patrik Forsberg
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: den 24 november 2014 23:10
> To: Patrik Forsberg
> Cc: radiator@open.com.au
?
When the external radius servers get too many requests on them the internal
starts ignoring the requests due to duplicates ?
Is there some other directive I can put in Clients, or other parts of the
configuration, to stop this from happening ?
Best Regards,
Patri
Hi,
> > I've enabled CachePasswords and CacheOnNoReply False in Radiator 4.13 -
> latest patch cluster applied.
> > Now I'm seeing a lot of
> > "
> > AuthRADIUS: No response for $p->{OriginalUserName} ($fp->{Identifier})
> from any RADIUS hosts, and no cached password available. Ignoring
>
> Hell
ing
"
In the logs.. I suspect that comes from the CachePasswords routine..
Regards,
Patrik Forsberg
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
can't find anything that seems to indicate
a fix for the issue in 4.10 or 4.11 :|
Might be that I don't see the obvious ofc! :)
Thanks,
Patrik Forsberg
nd its way into a
patchset or next release ?
Or does it break something unforeseen ?
Mvh,
Patrik Forsberg
From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On
Behalf Of Jason Griffith
Sent: Wednesday, May 30, 2012 8:45 PM
To: radiator@open.com.au
Subject: [RADIATOR] TACAC
Thanks,
This kind of confirms what I initially thought.
From what I can see in the PasswordLog thingie doesn't log the local character
at all in the column that specifies what radiator received.. so I'd say this
is an equipment issue.
Regards,
Patrik Forsberg
>
RADCOMMANDAUDIT
(ACCTSESSIONID,ACCTSTATUSTYPE,CMD,NASIPADDRESS,NASPORTID,TIME_STAMP,USERNAME)
values
('2077904988','Start','start_time=1337614871','2.2.2.2','telnet933',1337585687,'test2')':
Mon May 21 09:34:47 2012: DEBUG: AuthBy SQL result: ACCEPT,
Mon May 21 09:34:47 2012: DEBUG: Accounting accepted
Mon May 21 09:34:47 2012: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code: Accounting-Response
Identifier: UNDEF
Authentic: <167><144><5>y<0><7><21>a<10><191><250>v<248><194>_<5>
Attributes:
Mon May 21 09:34:47 2012: DEBUG: TacacsplusConnection result Accounting-Response
Mon May 21 09:34:47 2012: DEBUG: TacacsplusConnection Accounting REPLY 1, ,
Mon May 21 09:34:47 2012: DEBUG: TacacsplusConnection disconnected from
2.2.2.2:42613
"
From "PasswordLogFileName"
hallå password: Mon May 21 09:34:10 2012: 1337585650:test2:hall:hallÃ¥:FAIL
hello password: Mon May 21 09:34:47 2012: 1337585687:test2:hello:hello:PASS
Regards,
Patrik Forsberg
e, it will override any DefaultClient defined
> > in the Server TACACSPLUS clause.
> >
> >
> > If you have time to test this, please let us know how it goes.
>
> I'll give it a try, thanks! :)
Hi,
This works as expected, thanks!
Will make my lif
> On 04/18/2012 12:07 PM, Heikki Vatiainen wrote:
>
> >> This might be by-design ofc.. just noticed it tho :)
> >
> > I'll check if there's such history behind this. Thanks for notifying us.
>
> Hello Patrik,
>
> the current patches now have this change.
>
> 2012-04-20 ServerTACACSPLUS.pm tacac
> Hello James, Patrik,
>
> returning back to this subject after some more investigation, please see
> below.
>
> > Sorry for not chiming in earlier...I'm also dealing with the same
> > problem -- TACACS+ reload results in dozens of network device
> > authentications getting lost. I suppose this b
onfig wise nothing seems to be wrong.
Regards,
Patrik Forsberg
> > Did another downgrade to 4.6 this time and here the issue seems to be
> gone..
> > I can reload/restart and the commands get authorized as they should..
>
> With version 4.7 + patches you tried, the patches may have included
> AuthorizeGroupAttr so that's why it did not work. It was between 4.
.
Regards,
Patrik Forsberg
-Original Message-
From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On
Behalf Of Patrik Forsberg
Sent: den 16 april 2012 12:57
To: Heikki Vatiainen; radiator@open.com.au
Subject: Re: [RADIATOR] Tacacs Authentication to survive reloads
To follow this up .. I tried downgrading to 4.7, with patches, and it seems to
have the exact same issue..
Regards,
Patrik Forsberg
> -Original Message-
> From: radiator-boun...@open.com.au [mailto:radiator-
> boun...@open.com.au] On Behalf Of Patrik Forsberg
> Sent: Frid
uthorization
> patterns may no longer be correct without the overrides.
So.. downgrade to pre-4.8 ?
or any way to re-instate the context(s) after a reload in some way ?
or is there something in the configuration I can change to make it "better" for
the tacacs server ?
er a reload has been done
-
Fri Apr 13 09:22:55 2012: DEBUG: New TacacsplusConnection created for
:46162
Fri Apr 13 09:22:55 2012: DEBUG: TacacsplusConnection request 192, 2, 1, 0,
655684940, 70
Fri Apr 13 09:22:55 2012: DEBUG: TacacsplusConnection Authorization REQUEST 6,
15, 1, 1, , telnet261,
k?)/StartupHook that save/restore the sessions or something ? :)
(I'm currently using latest 4.9 with patch set from 2/4-2012)
Regards,
Patrik Forsberg
orizeGroup permit service=arbor {arbor_group=system_admin}
AuthorizeGroup permit .*
it might help.. or might not ;)
Regards,
Patrik Forsberg
From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On
Behalf Of David Heinz
Sent: Tuesday, June 21, 2011 7:50 PM
To: radiator@o
Hi,
I'm currently setting up an environment where I use RadSec to authenticate to
another Radiator and if that fails (with ignore or reject) it should continue to
a local user database.
This should be pretty simple I think and it does work.. almost.
What is really weird about this, I think, is t
Nvm, I figured it out :)
Regards,
Patrik Forsberg
> -Original Message-
> From: radiator-boun...@open.com.au [mailto:radiator-
> boun...@open.com.au] On Behalf Of Patrik Forsberg
> Sent: Thursday, February 03, 2011 10:48 AM
> To: radiator@open.com.au
> Subject: [
f the ldap is up and
running the users in the db file shouldn't be able to authenticate.. aka. they
should only be active when the ldap servers are down.. never when they are up.
Thanks,
Patrik Forsberg
verify the message contents with e.g.,
> Wireshark that would be useful to see where to ask fixes from.
Done so and it shows what was expected.. the remote address is coded as
::: .. which doesn't show the complete ipv4 ip.
Well as said above.. ;)
Thanks again!
TacacsplusConnection Accounting REPLY 1, ,
Wed Jan 26 15:55:43 2011: DEBUG: TacacsplusConnection disconnected from
111.11.111.111:60789
---
The log.. snipped out a few things and changed the ip to 111s ;)
As far as I can tell the rem_addr is getting limited by rem_addr_len in
ServerTACACS.pm .. but that in itself might not be it ?
Did a Trace 5 dump too.. but that doesn't seem to reveal anything that the
trace 4 dump doesn't.
Thanks again,
Patrik Forsberg
I'm guessing it has to do with Tacacs not radius ?
Anyone else seen this or have it working somewhere that doesn't show this ?
Perhaps a fix ?
Thanks,
Patrik Forsberg
> ## Users file ##
>
> demoUser-Password = "test1"
> Service-Type = Framed-User,
> Framed-Protocol = PPP
>
> DEFAULT Auth-Type = System
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Fra
Hi..
I've got a .. minor problem.
I have three different ways a user could get authenticated.
1st is a "users" file for special cases, like static ip-addresses and so
on.
2nd is a deny user file where I put users that ain't supposed to get in.
3rd is UNIX based authentication.
I've ripped out no
Hi.
I've got a situation where I wish to deny a user depending on either
login-shell or have a separate file with usernames in it.
Any ideas on how I could do this ? :)
I've been reading the manual and searching the archives for answer.. but
without luck :/
Regards,
Patrik
===
Archive at http:
domain (domain1).
domain1 is changing from time to time but domain2 is static and won't
change.
Any ideas how I can solve this ?
Best Regards,
Patrik Forsberg
Dataphone Sweden AB
===
Archive at http://www.starport.net/~radiator/