Start FreeRadius 4.0 with rlm_tacacs failed due to segV error

bryan xiang bryanxiang82 at gmail.com
Sun Apr 27 01:51:03 UTC 2025 

Yes, I am checking the examples and find one like below:

        recv Access-Request {
             subrequest @tacacs::Authentication-Start {
                User-Name := parent.request.User-Name
                #User-Password := parent.request.User-Password
                Data := parent.request.User-Password
                Packet.Version-Major := 0xC   # or "Plus" if using VALUE
mapping
                Packet.Version-Minor := 0x1
                Packet.Packet-Type := "Authentication"
                Packet.Sequence-Number := 1
                Packet.Flags := "None"
                Packet.Session-Id := parent.request.Acct-Session-Id
                Packet.Length := 0
                Authentication-Type := "PAP"
                Action := "Login"
                Authentication-Service := "Login"
                tacacs
                }


*                if (ok) {                        control.Auth-Type :=
"Accept"                }*
       }

but even the auth fail in tacacs module, the tacacs module still return ok,
so the module can catch the auth fail and reply module not ok right?
Debug : (1.0)          tacacs - Packet {
Debug : (1.0)            tacacs - Version-Major = Plus
Debug : (1.0)            tacacs - Version-Minor = 1
Debug : (1.0)            tacacs - Packet-Type = Authentication
Debug : (1.0)            tacacs - Sequence-Number = 2
Debug : (1.0)            tacacs - Flags = None
Debug : (1.0)            tacacs - Session-Id = 2035888093
Debug : (1.0)            tacacs - Length = 6
Debug : (1.0)          tacacs - }
Debug : (1.0)          tacacs - Packet-Body-Type = Reply
Debug : (1.0)          tacacs - Authentication-Status = Fail
Debug : (1.0)          tacacs - Authentication-Flags = 0
Debug : (1.0)          tacacs - Server-Message = ""
Debug : (1.0)          tacacs - Data = 0x
Debug : (1.0)        tacacs - tacacs - Resuming execution
Debug : (1.0)        *tacacs (ok)*
Debug : (1)        subrequest @tacacs::Authentication-Start - Resuming
execution
Debug : (1)      } # subrequest @tacacs:*:Authentication-Start (ok)*
Debug : (1)      if (ok)  {
Debug : (1)        | ok
Debug : (1)        | %expr.rcode()
Debug : (1)        | --> true
Debug : (1)        control.Auth-Type := Accept
Debug : (1)      } # if (ok)  (noop)
Debug : (1)    } # recv Access-Request (ok)
Debug : (1)    default (ok)
Debug : (1)  } # default (ok)
Debug : (1)  Done request

On Sat, Apr 26, 2025 at 11:25 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Apr 26, 2025, at 11:23 AM, bryan xiang <bryanxiang82 at gmail.com> wrote:
> > If I hardcode at the end of the Access-Request, it could pass, but how
> Can
> > I add condition to check if tacacs return ok or not and then do the
> > Auth-Type?
>
>   The "default" virtual server has examples of setting Auth-Type.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list