Re: Help with tactrace.pl
97 views
Skip to first unread message
Message has been deleted
Marc Huber
Mar 14, 2024, 3:03:25 PMMar 14
to event-driv...@googlegroups.com
Hi Carlos,
never seen that ... I'd first check whether the tac_plus-ng.cfg
configuration is fine (tac_plus-ng -P /usr/local/etc/tac_plus-ng.cfg),
and if that succeeds I'd try "strace -f tactrace.pl ...").
Cheers,
Marc
On 14.03.2024 19:51, Carlos Lopez wrote:
> Hello, new to the group...
>
> I'm trying to debug a tacacs+ session but am getting zero output when
> running "tactrace.pl".
>
> My install consisted of the following:
> *Add Perl Modules*sudo cpan cpan[1]> install Net::IP cpan[1]> install
> Net::TacacsPlus::Packet cpan[1]> install Net::LDAP *Download and
> install tacacs+ ng*git clone
> https://github.com/MarcJHuber/event-driven-servers.git cd
> event-driven-servers/ ./configure tac_plus-ng make sudo make install
> *Add tacplus config file*cd /usr/local/etc sudo touch tac_plus-ng.cfg
> sudo chmod 755 tac_plus-ng.cfg sudo nano tac_plus-ng.cfg
>
> And here's what I get when running *tactrace.pl*
> carlopez@tacacs01:/usr/local/bin$ tactrace.pl --remote=172.30.175.5
> --nad=172.16.100.4 --key=<tacacs-key> --port=4900 --password=<password>
>
> carlopez@tacacs01:/usr/local/bin$
>
> Nothing, it just stays with the cursor blinking and I have to quit it.
>
> Any insight into why I would be seeing this issue would be greatly
> appreciated.
>
> Cheers.
>
> them...@gmail.com
>
>
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Event-Driven Servers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to event-driven-ser...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com
> <https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com?utm_medium=email&utm_source=footer>.
never seen that ... I'd first check whether the tac_plus-ng.cfg
configuration is fine (tac_plus-ng -P /usr/local/etc/tac_plus-ng.cfg),
and if that succeeds I'd try "strace -f tactrace.pl ...").
Cheers,
Marc
On 14.03.2024 19:51, Carlos Lopez wrote:
> Hello, new to the group...
>
> I'm trying to debug a tacacs+ session but am getting zero output when
> running "tactrace.pl".
>
> My install consisted of the following:
> *Add Perl Modules*sudo cpan cpan[1]> install Net::IP cpan[1]> install
> Net::TacacsPlus::Packet cpan[1]> install Net::LDAP *Download and
> install tacacs+ ng*git clone
> https://github.com/MarcJHuber/event-driven-servers.git cd
> event-driven-servers/ ./configure tac_plus-ng make sudo make install
> *Add tacplus config file*cd /usr/local/etc sudo touch tac_plus-ng.cfg
> sudo chmod 755 tac_plus-ng.cfg sudo nano tac_plus-ng.cfg
>
> And here's what I get when running *tactrace.pl*
> carlopez@tacacs01:/usr/local/bin$ tactrace.pl --remote=172.30.175.5
> --nad=172.16.100.4 --key=<tacacs-key> --port=4900 --password=<password>
>
> carlopez@tacacs01:/usr/local/bin$
>
> Nothing, it just stays with the cursor blinking and I have to quit it.
>
> Any insight into why I would be seeing this issue would be greatly
> appreciated.
>
> Cheers.
>
> them...@gmail.com
>
>
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Event-Driven Servers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to event-driven-ser...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com
> <https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com?utm_medium=email&utm_source=footer>.
Message has been deleted
Marc Huber
Mar 14, 2024, 3:32:23 PMMar 14
to event-driv...@googlegroups.com
Hi Carlos,
your trace shows
stat("/usr/local/etc/tac_plus-ng/tac_plus-ng.cfg", 0x55d9636314f0) = -1
ENOENT (No such file or directory)
brk(0x55d96416b000) = 0x55d96416b000
write(2, "Can't access /usr/local/etc/tac_"..., 96Can't access
/usr/local/etc/tac_plus-ng/tac_plus-ng.cfg at /usr/local/bin/tactrace.pl
line 118.
) = 96
which indicates that that particular configuration file doesn't exist ...
I'm a bit surprised right now. I don't think that
/usr/local/etc/tac_plus-ng/tac_plus-ng.cfg is any hard-coded default
location.
Please retry with
tactrace.pl --conf=/path/to/your/actual/configuration/file ...
Cheers,
Marc
your trace shows
stat("/usr/local/etc/tac_plus-ng/tac_plus-ng.cfg", 0x55d9636314f0) = -1
ENOENT (No such file or directory)
brk(0x55d96416b000) = 0x55d96416b000
write(2, "Can't access /usr/local/etc/tac_"..., 96Can't access
/usr/local/etc/tac_plus-ng/tac_plus-ng.cfg at /usr/local/bin/tactrace.pl
line 118.
) = 96
which indicates that that particular configuration file doesn't exist ...
I'm a bit surprised right now. I don't think that
/usr/local/etc/tac_plus-ng/tac_plus-ng.cfg is any hard-coded default
location.
Please retry with
tactrace.pl --conf=/path/to/your/actual/configuration/file ...
Cheers,
Marc
Message has been deleted
Marc Huber
Mar 14, 2024, 3:53:50 PMMar 14
to event-driv...@googlegroups.com
Hi Carlos,
thanks! This:
[pidd 2806] mprotect(0x7f01b7bfb000, 4096, PROT_READ) = 0
[pid 2806] stat("/usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl",
{st_mode=S_IFREG|0755, st_size=14710, ...}) = 0
[pid 2806] brk(0x559e0145d000) = 0x559e0145d000
[pid 2806] brk(0x559e01453000) = 0x559e01453000
[pid 2806] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR,
si_addr=0x1} ---
[pid 2806] +++ killed by SIGSEGV (core dumped) +++
looks bad. Could you share a sample config for me that reproduce this?
The SEGV comes closely after she
stat("/usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl"), so having a
closer insight into the configuration you're using might help.
Thanks,
Marc
On 14.03.2024 20:38, Carlos Lopez wrote:
> Oh man, that was my bad on config location. Attached is the updated
> *strace* file for review.
>
> Cheers,
>
> Carlos Lopez
> --conf=/path/to/your/actual/configuration/file ...
>
> Cheers,
>
> Marc
> <https://groups.google.com/d/msgid/event-driven-servers/9c927b18-9f02-43a2-83b4-8e2db7c4d466n%40googlegroups.com?utm_medium=email&utm_source=footer>.
thanks! This:
[pidd 2806] mprotect(0x7f01b7bfb000, 4096, PROT_READ) = 0
[pid 2806] stat("/usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl",
{st_mode=S_IFREG|0755, st_size=14710, ...}) = 0
[pid 2806] brk(0x559e0145d000) = 0x559e0145d000
[pid 2806] brk(0x559e01453000) = 0x559e01453000
[pid 2806] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR,
si_addr=0x1} ---
[pid 2806] +++ killed by SIGSEGV (core dumped) +++
looks bad. Could you share a sample config for me that reproduce this?
The SEGV comes closely after she
stat("/usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl"), so having a
closer insight into the configuration you're using might help.
Thanks,
Marc
On 14.03.2024 20:38, Carlos Lopez wrote:
> Oh man, that was my bad on config location. Attached is the updated
> *strace* file for review.
>
> Cheers,
>
> Carlos Lopez
> On Thursday, March 14, 2024 at 12:32:23 PM UTC-7 Marc Huber wrote:
>
> Hi Carlos,
>
> your trace shows
>
> stat("/usr/local/etc/tac_plus-ng/tac_plus-ng.cfg", 0x55d9636314f0)
> = -1
> ENOENT (No such file or directory)
> brk(0x55d96416b000) = 0x55d96416b000
> write(2, "Can't access /usr/local/etc/tac_"..., 96Can't access
> /usr/local/etc/tac_plus-ng/tac_plus-ng.cfg at
> /usr/local/bin/tactrace.pl <http://tactrace.pl>
>
> Hi Carlos,
>
> your trace shows
>
> stat("/usr/local/etc/tac_plus-ng/tac_plus-ng.cfg", 0x55d9636314f0)
> = -1
> ENOENT (No such file or directory)
> brk(0x55d96416b000) = 0x55d96416b000
> write(2, "Can't access /usr/local/etc/tac_"..., 96Can't access
> /usr/local/etc/tac_plus-ng/tac_plus-ng.cfg at
> line 118.
> ) = 96
>
> which indicates that that particular configuration file doesn't
> exist ...
>
> I'm a bit surprised right now. I don't think that
> /usr/local/etc/tac_plus-ng/tac_plus-ng.cfg is any hard-coded default
> location.
>
> Please retry with
>
> tactrace.pl <http://tactrace.pl>
> ) = 96
>
> which indicates that that particular configuration file doesn't
> exist ...
>
> I'm a bit surprised right now. I don't think that
> /usr/local/etc/tac_plus-ng/tac_plus-ng.cfg is any hard-coded default
> location.
>
> Please retry with
>
> --conf=/path/to/your/actual/configuration/file ...
>
> Cheers,
>
> Marc
>
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Event-Driven Servers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to event-driven-ser...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/event-driven-servers/9c927b18-9f02-43a2-83b4-8e2db7c4d466n%40googlegroups.com
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Event-Driven Servers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to event-driven-ser...@googlegroups.com.
> To view this discussion on the web visit
> <https://groups.google.com/d/msgid/event-driven-servers/9c927b18-9f02-43a2-83b4-8e2db7c4d466n%40googlegroups.com?utm_medium=email&utm_source=footer>.
Message has been deleted
Marc Huber
Mar 14, 2024, 5:25:03 PMMar 14
to event-driv...@googlegroups.com
Hi,
your configuration reads
if (gid =~ /vpn-access/) {
and just isn't valid syntax. "tac_plus-ng -P ..." confirms this.
Cheers,
Marc
On 14.03.2024 21:03, Carlos Lopez wrote:
> Sure, attached is my config for further review along with *mavistest*
> output
>
> /usr/local/bin/mavistest -d -1 /usr/local/etc/tac_plus-ng.cfg
> tac_plus-ng TACPLUS carlopez
> Input attribute-value-pairs:
> TYPE TACPLUS
> TIMESTAMP mavistest-2961-1710446425-0
> USER carlopez
> TACTYPE INFO
>
> Output attribute-value-pairs:
> TYPE TACPLUS
> TIMESTAMP mavistest-2961-1710446425-0
> USER carlopez
> DN cn=carlopez,ou=users,dc=lab,dc=net
> RESULT ACK
> UID 1001
> GID vpn-admins
> HOME /home/carlopez
> SERIAL Xyn8wVemc2PZeF+S6ZzLcA=
> IDENTITY_SOURCE 1
> TACTYPE INFO
> SHELL /bin/bash
>
> Thank you
>
> Cheers,
>
> Carlos Lopez
> > carlopez@tacacs01:/usr/local/bin$ tactrace.pl
> <http://tactrace.pl> --remote=172.30.175.5
> <https://groups.google.com/d/msgid/event-driven-servers/c2645abd-80a0-4f57-9636-04c144c01748n%40googlegroups.com?utm_medium=email&utm_source=footer>.
your configuration reads
if (gid =~ /vpn-access/) {
and just isn't valid syntax. "tac_plus-ng -P ..." confirms this.
Cheers,
Marc
On 14.03.2024 21:03, Carlos Lopez wrote:
> Sure, attached is my config for further review along with *mavistest*
> output
>
> /usr/local/bin/mavistest -d -1 /usr/local/etc/tac_plus-ng.cfg
> tac_plus-ng TACPLUS carlopez
> Input attribute-value-pairs:
> TYPE TACPLUS
> TIMESTAMP mavistest-2961-1710446425-0
> USER carlopez
> TACTYPE INFO
>
> Output attribute-value-pairs:
> TYPE TACPLUS
> TIMESTAMP mavistest-2961-1710446425-0
> USER carlopez
> DN cn=carlopez,ou=users,dc=lab,dc=net
> RESULT ACK
> UID 1001
> GID vpn-admins
> HOME /home/carlopez
> SERIAL Xyn8wVemc2PZeF+S6ZzLcA=
> IDENTITY_SOURCE 1
> TACTYPE INFO
> SHELL /bin/bash
>
> Thank you
>
> Cheers,
>
> Carlos Lopez
> On Thursday, March 14, 2024 at 12:03:25 PM UTC-7 Marc Huber wrote:
>
> Hi Carlos,
>
> never seen that ... I'd first check whether the tac_plus-ng.cfg
> configuration is fine (tac_plus-ng -P
> /usr/local/etc/tac_plus-ng.cfg),
> and if that succeeds I'd try "strace -f tactrace.pl
> <http://tactrace.pl> ...").
>
> Hi Carlos,
>
> never seen that ... I'd first check whether the tac_plus-ng.cfg
> configuration is fine (tac_plus-ng -P
> /usr/local/etc/tac_plus-ng.cfg),
> and if that succeeds I'd try "strace -f tactrace.pl
>
> Cheers,
>
> Marc
>
>
> On 14.03.2024 19:51, Carlos Lopez wrote:
> > Hello, new to the group...
> >
> > I'm trying to debug a tacacs+ session but am getting zero output
> when
> > running "tactrace.pl <http://tactrace.pl>".
> Cheers,
>
> Marc
>
>
> On 14.03.2024 19:51, Carlos Lopez wrote:
> > Hello, new to the group...
> >
> > I'm trying to debug a tacacs+ session but am getting zero output
> when
> >
> > My install consisted of the following:
> > *Add Perl Modules*sudo cpan cpan[1]> install Net::IP cpan[1]>
> install
> > Net::TacacsPlus::Packet cpan[1]> install Net::LDAP *Download and
> > install tacacs+ ng*git clone
> > https://github.com/MarcJHuber/event-driven-servers.git cd
> > event-driven-servers/ ./configure tac_plus-ng make sudo make
> install
> > *Add tacplus config file*cd /usr/local/etc sudo touch
> tac_plus-ng.cfg
> > sudo chmod 755 tac_plus-ng.cfg sudo nano tac_plus-ng.cfg
> >
> > And here's what I get when running *tactrace.pl
> <http://tactrace.pl>*
> > My install consisted of the following:
> > *Add Perl Modules*sudo cpan cpan[1]> install Net::IP cpan[1]>
> install
> > Net::TacacsPlus::Packet cpan[1]> install Net::LDAP *Download and
> > install tacacs+ ng*git clone
> > https://github.com/MarcJHuber/event-driven-servers.git cd
> > event-driven-servers/ ./configure tac_plus-ng make sudo make
> install
> > *Add tacplus config file*cd /usr/local/etc sudo touch
> tac_plus-ng.cfg
> > sudo chmod 755 tac_plus-ng.cfg sudo nano tac_plus-ng.cfg
> >
> > And here's what I get when running *tactrace.pl
> > carlopez@tacacs01:/usr/local/bin$ tactrace.pl
> <http://tactrace.pl> --remote=172.30.175.5
> > --nad=172.16.100.4 --key=<tacacs-key> --port=4900
> --password=<password>
> >
> > carlopez@tacacs01:/usr/local/bin$
> >
> > Nothing, it just stays with the cursor blinking and I have to
> quit it.
> >
> > Any insight into why I would be seeing this issue would be greatly
> > appreciated.
> >
> > Cheers.
> >
> > them...@gmail.com
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Event-Driven Servers" group.
> > To unsubscribe from this group and stop receiving emails from
> it, send
> > an email to event-driven-ser...@googlegroups.com.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com
>
> >
> <https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com?utm_medium=email&utm_source=footer
> <https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com?utm_medium=email&utm_source=footer>>.
> --password=<password>
> >
> > carlopez@tacacs01:/usr/local/bin$
> >
> > Nothing, it just stays with the cursor blinking and I have to
> quit it.
> >
> > Any insight into why I would be seeing this issue would be greatly
> > appreciated.
> >
> > Cheers.
> >
> > them...@gmail.com
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Event-Driven Servers" group.
> > To unsubscribe from this group and stop receiving emails from
> it, send
> > an email to event-driven-ser...@googlegroups.com.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com
>
> >
> <https://groups.google.com/d/msgid/event-driven-servers/1c88f317-14c6-43d7-9967-cc2744df324bn%40googlegroups.com?utm_medium=email&utm_source=footer
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Event-Driven Servers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to event-driven-ser...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/event-driven-servers/c2645abd-80a0-4f57-9636-04c144c01748n%40googlegroups.com
>
> --
> You received this message because you are subscribed to the Google
> Groups "Event-Driven Servers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to event-driven-ser...@googlegroups.com.
> To view this discussion on the web visit
> <https://groups.google.com/d/msgid/event-driven-servers/c2645abd-80a0-4f57-9636-04c144c01748n%40googlegroups.com?utm_medium=email&utm_source=footer>.
Message has been deleted
Marc Huber
Mar 15, 2024, 10:35:52 AMMar 15
to event-driv...@googlegroups.com
Hi Carlos,
no, that "gid" syntax is just illegal.
There are two options: Either you're running modified code or you're a
hallucinating AI that wastes my time.
I think it's the latter.
Cheers,
Marc
On 14.03.2024 22:41, Carlos Lopez wrote:
> Thanks for checking...I'm not sure what is going on as I get no errors
> returned from *tac_plus-ng *config check.
>
> *Output with config as sent earlier*:
>
> carlopez@tacacs01:~$ tac_plus-ng -P /usr/local/etc/tac_plus-ng.cfg
> carlopez@tacacs01:~$
>
> *Output when changing the following line*:
> from: "*if (gid =~ /vpn-access/)*"
> To: "*if (GID =~ /vpn-access/)*"
>
> carlopez@tacacs01:~$ tac_plus-ng -P /usr/local/etc/tac_plus-ng.cfg
> ((((( GID
> /usr/local/etc/tac_plus-ng.cfg:103: token GID is not known, please put
> it in double-quotes if you really want to use it
> 3168: /usr/local/etc/tac_plus-ng.cfg:103: token GID is not known,
> please put it in double-quotes if you really want to use it
>
> Cheers,
>
> Carlos Lopez
> > > running "tactrace.pl <http://tactrace.pl> <http://tactrace.pl>".
> <https://groups.google.com/d/msgid/event-driven-servers/c2645abd-80a0-4f57-9636-04c144c01748n%40googlegroups.com?utm_medium=email&utm_source=footer>>.
> <https://groups.google.com/d/msgid/event-driven-servers/197123b7-94e3-4c77-94b4-116f291306a5n%40googlegroups.com?utm_medium=email&utm_source=footer>.
no, that "gid" syntax is just illegal.
There are two options: Either you're running modified code or you're a
hallucinating AI that wastes my time.
I think it's the latter.
Cheers,
Marc
On 14.03.2024 22:41, Carlos Lopez wrote:
> Thanks for checking...I'm not sure what is going on as I get no errors
> returned from *tac_plus-ng *config check.
>
> *Output with config as sent earlier*:
>
> carlopez@tacacs01:~$ tac_plus-ng -P /usr/local/etc/tac_plus-ng.cfg
> carlopez@tacacs01:~$
>
> *Output when changing the following line*:
> from: "*if (gid =~ /vpn-access/)*"
> To: "*if (GID =~ /vpn-access/)*"
>
> carlopez@tacacs01:~$ tac_plus-ng -P /usr/local/etc/tac_plus-ng.cfg
> ((((( GID
> /usr/local/etc/tac_plus-ng.cfg:103: token GID is not known, please put
> it in double-quotes if you really want to use it
> 3168: /usr/local/etc/tac_plus-ng.cfg:103: token GID is not known,
> please put it in double-quotes if you really want to use it
>
> Cheers,
>
> Carlos Lopez
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Event-Driven Servers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to event-driven-ser...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/event-driven-servers/197123b7-94e3-4c77-94b4-116f291306a5n%40googlegroups.com
>
> --
> You received this message because you are subscribed to the Google
> Groups "Event-Driven Servers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to event-driven-ser...@googlegroups.com.
> To view this discussion on the web visit
> <https://groups.google.com/d/msgid/event-driven-servers/197123b7-94e3-4c77-94b4-116f291306a5n%40googlegroups.com?utm_medium=email&utm_source=footer>.
Reply all
Reply to author
Forward
0 new messages