failed to receive Accounting Response
Alan DeKok
aland at deployingradius.com
Mon Mar 9 19:26:51 CET 2009
Николай Г. Петров wrote:
> No. in my company we use a freeradius, not a TACACS, and we want to get
> a control under some users which work on cisco console and for this we
> would be like take a 'log command'. If you know how we make do that and
> freeradius implemet this, please tell us or give a some howto, patch,
> url etc. Still we implement unsuccessful.
The Cisco routers do command authentication via TACACS+, not RADIUS.
What you want to do is impossible with RADIUS... because Cisco makes it
impossible.
If you want command authentication for Cisco equipment, you will need
to run a TACACS+ server, or make FreeRADIUS understand TACACS+.
And yes, this question has come up a lot in the past decade. We *do*
understand how the switches work, and how people use those switches.
Alan DeKok.
More information about the Freeradius-Users
mailing list