Start FreeRadius 4.0 with rlm_tacacs failed due to segV error
bryan xiang
bryanxiang82 at gmail.com
Fri Apr 25 02:36:02 UTC 2025
I update my virtual server config as below, but seems request sendout
failure
server default {
namespace = radius
listen {
type = Access-Request
type = Status-Server
transport = udp
udp {
ipaddr = 169.254.195.0
port = 1812
}
}
recv Access-Request {
subrequest @tacacs::Authentication-Start {
User-Name := parent.request.User-Name
User-Password := parent.request.User-Password
Packet.Version-Major := 0xC
Packet.Version-Minor := 0x0
Packet.Packet-Type := "Authentication"
Packet.Sequence-Number := 1
Packet.Flags := "None"
Packet.Session-Id := 12345678
Packet.Length := 0
tacacs
}
}
}
Debug : (0.0) tacacs - Sending Authentication-Start ID 31 length 29
over connection proto tcp local 0.0.0.0 port 0 remote 10.76.89.50 port 49
Debug : (0.0) tacacs - Packet-Type = Authentication-Start
Debug : (0.0) tacacs - User-Name = "testuser1"
Debug : (0.0) tacacs - User-Password = "testpass123"
Debug : (0.0) tacacs - Packet {
Debug : (0.0) tacacs - Version-Major = Plus
Debug : (0.0) tacacs - Version-Minor = 0
Debug : (0.0) tacacs - Packet-Type = Authentication
Debug : (0.0) tacacs - Sequence-Number = 1
Debug : (0.0) tacacs - Flags = None
Debug : (0.0) tacacs - Session-Id = 12345678
Debug : (0.0) tacacs - Length = 0
Debug : (0.0) tacacs - }
ERROR : (0) ERROR: Request has reached max_request_time - signalling
it to stop
Debug : (0) Done request
On Fri, Apr 25, 2025 at 9:24 AM bryan xiang <bryanxiang82 at gmail.com> wrote:
> Yes, I am doing the thing you suggested, I need to check how the Packet
> structure to Networks
> I can't assign the Packet-Type, even I use "Authentication" and 1, it will
> > init the packet-type to 0
> Any guideline about how to assign value for the Struct type defined in
> dictionary?
>
> recv Access-Request {
> subrequest @tacacs::Authentication-Start {
> User-Name := parent.request.User-Name
> User-Password := parent.request.User-Password
> *Packet.Packet-Type := 1*
> tacacs
> }
>
> }
>
> On Fri, Apr 25, 2025 at 8:32 AM Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Apr 24, 2025, at 11:32 AM, bryan xiang <bryanxiang82 at gmail.com> wrote:
>> >
>> > Thank you Alan for the explanation
>> > that make sense to provide the attributes to TACACS+ when change
>> protocol
>> > from Radius to TACACS+
>> > so beside the username/password, I need below attribute right?
>>
>> Yes... those are the attributes included with the server, in the TACACS
>> dictionary files. I'm aware of them.
>>
>> > I can't assign the Packet-Type, even I use "Authentication" and 1, it
>> will
>> > init the packet-type to 0
>> > for the namespace issue, I firstly type namespace as tacacs in the
>> virtual
>> > server, but seems it can't receive Radius request from port 1812, so I
>> > changed namespace from tacacs to radius, then the FreeRadius begin to
>> > listen the port 1812
>> > do you mean in the modules/tacacs, I still need to specify the
>> namespace as
>> > tacacs?
>>
>> What I said was to use the following configuration:
>>
>> >> recv Access-Request {
>> >> subrequest @tacacs::Authentication-Start {
>> >> User-Name := parent.request.User-Name
>> >> User-Name := parent.request.User-Password
>> >> ... fill in other attributes here, from
>> dictionary/tacacs/*
>> >>
>> >> tacacs
>> >>
>> >> }
>> >>
>> >>
>> >> You will have to edit this and double-check it, but the basic concepts
>> >> are there.
>>
>> Instead of doing that, you're doing something else. Why?
>>
>> Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
More information about the Freeradius-Users
mailing list