Start FreeRadius 4.0 with rlm_tacacs failed due to segV error
Alan DeKok
aland at deployingradius.com
Thu Apr 24 10:51:30 UTC 2025
On Apr 24, 2025, at 5:12 AM, bryan xiang <bryanxiang82 at gmail.com> wrote:
>
> I changed some virtual server side config and tried to logon with
> testuser1/testpass123, the error from tacacs is an encoding error.
Two things. First, you have to say what attributes are going into the TACACS+ packet. The server can't just invent things.
Second, the rlm_tacacs module can only be run within a 'tacacs' namespace. This is one of the major differences between v3 and v4.
If you want to receive a RADIUS Access-Request and then send a TACACS+ packet, you will have to change namespaces. See https://www.freeradius.org/documentation/freeradius-server/4.0.0/reference/unlang/subrequest.html
recv Access-Request {
subrequest @tacacs::Authentication-Start {
User-Name := parent.request.User-Name
User-Name := parent.request.User-Password
... fill in other attributes here, from dictionary/tacacs/*
tacacs
}
You will have to edit this and double-check it, but the basic concepts are there.
Alan DeKok.
More information about the Freeradius-Users
mailing list