Tacacs to Radius authentication
390 views
Skip to first unread message
Vishnu B
Oct 13, 2021, 1:01:39 PM10/13/21
to Event-Driven Servers
i want my tac_plus server to use a Radius agent as backend.
Authenticating routers against the Radius server works fine. But via tac_plus i am getting the below error.
```
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Using Authen::Radius Perl module.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "User-Name" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 825, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "Password" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 825, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "NAS-IP-Address" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 825, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "User-Name" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 853, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "Password" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 853, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "NAS-IP-Address" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 853, <> chunk 1.
2021-10-11 07:32:51 UTC [console1.sjc2.asn.net, pool-2-thread-1] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
07:32:51 UTC [console1.sjc2.asn.net, pool-2-thread-1] : INFO - Completed processing. packetId=0, totalProcessingTime=0ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "User-Name" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 825, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "Password" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 825, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "NAS-IP-Address" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 825, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "User-Name" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 853, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "Password" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 853, <> chunk 1.
tac_plus[1702]: /usr/lib64/mavis/mavis_tacplus_radius.pl: 1705: Argument "NAS-IP-Address" isn't numeric in int at /usr/share/perl5/vendor_perl/Authen/Radius.pm line 853, <> chunk 1.
2021-10-11 07:32:51 UTC [console1.sjc2.asn.net, pool-2-thread-1] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
07:32:51 UTC [console1.sjc2.asn.net, pool-2-thread-1] : INFO - Completed processing. packetId=0, totalProcessingTime=0ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
```
my tac_plus config is as mentioned below.
```
#### BEGIN RADIUS CONFIGURATION ########
mavis module = external {
setenv RADIUS_HOST = 10.0.0.50:2100
setenv RADIUS_SECRET = "XXXXXX"
#setenv RADIUS_GROUP_ATTR = Filter-Id
setenv RADIUS_PASSWORD_ATTR = Password
exec = /usr/lib64/mavis/mavis_tacplus_radius.pl
}
#### END RADIUS CONFIGURATION ########
```
Can you please help me on this issue.
Thanks
Vishnu
Marc Huber
Oct 14, 2021, 3:16:13 PM10/14/21
to Event-Driven Servers
Hi,
the Authen::Radius Perl module might have an issue. Does /etc/raddb/dictionary exist on your system?
Cheers,
Marc
Vishnu B
Oct 15, 2021, 11:39:23 AM10/15/21
to Event-Driven Servers
Hi Marc,
Yes, the /etc/raddb/dictionary file exists in my server.
Thanks,
Vishnu
Vishnu B
Oct 21, 2021, 1:46:41 AM10/21/21
to Event-Driven Servers
Hi Marc,
Can you please help?
Thanks,
Vishnu
Vishnu B
Jan 31, 2022, 10:27:14 AM1/31/22
to Event-Driven Servers
installed freeradius on a different server and copied all the disctionary files from /usr/share/freeradius/dictionary /etc/raddb/ fixed the issue.
Thanks
Vishnu
Reply all
Reply to author
Forward
0 new messages