Start FreeRadius 4.0 with rlm_tacacs failed due to segV error
bryan xiang
bryanxiang82 at gmail.com
Fri Apr 25 14:31:29 UTC 2025
Yes Alan, I did try this, but it seems that when the subrequest module
returned, the caller (radius) did not see the Auth-type either.
Debug : tacacs - [1] - Signalled to reconnect from CONNECTED state
Debug : tacacs - [1] - Connection changed state CONNECTED -> FAILED
Debug : tacacs - [1] - Connection changed state FAILED -> CLOSED
Info : tacacs - [1] Trunk connection changed state ACTIVE -> CLOSED
Debug : tacacs - Connection closed - proto tcp local 0.0.0.0 port 0 remote
10.76.89.50 port 49
Debug : tacacs - [1] - Delaying reconnection by 1s
Debug : (0.0) tacacs - tacacs - Resuming execution
Debug : (0.0) tacacs (ok)
Debug : (0) subrequest @tacacs::Authentication-Start - Resuming
execution
Debug : (0) } # subrequest @tacacs::Authentication-Start (ok)
Debug : (0) *Auth-Type := Accept*
Debug : (0) } # recv Access-Request (ok)
*Debug : (0) No 'Auth-Type' attribute found, cannot authenticate the
user - rejecting the request*
Debug : (0) default (ok)
Debug : (0) } # default (ok)
Debug : (0) Done request
Debug : (0) Sending Access-Reject ID 83 from 0.0.0.0/0:1812 to
169.254.131.1:54808 length 38 via socket radius_udp server 169.254.195.0
port 1812
On Fri, Apr 25, 2025 at 6:09 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On Apr 25, 2025, at 5:18 AM, bryan xiang <bryanxiang82 at gmail.com> wrote:
> > I have made some good progress, but it still failed in the last step. It
> > seems the TACACS server already sent a pass to FreeRadius, but FreeRadius
> > reports an error and rejects the request:
> > ...
> > Debug : (0.0) tacacs - Received Authentication-Pass ID 2 length 18
> > reply packet on connection proto tcp local 0.0.0.0 port 0 remote
> > 10.76.89.50 port 49
> > ...
> > Error : tacacs - Connection proto tcp local 0.0.0.0 port 0 remote
> > 10.76.89.50 port 49 failed: No additional error information
>
> I suspect that the other end just closed the connection after one
> packet. This is actually normal for TACACS+.
>
> > ...
> > Debug : (0) } # recv Access-Request (ok)
> > Debug : (0) No 'Auth-Type' attribute found, cannot authenticate the user - rejecting the request
>
> So... configure FreeRADIUS to authenticate the user? i.e. if the
> TACACS+ module returns "ok", set Auth-Type = Accept.
>
> Alan DeKok.