Start FreeRadius 4.0 with rlm_tacacs failed due to segV error

bryan xiang bryanxiang82 at gmail.com
Mon Apr 28 13:39:08 UTC 2025 

OK, I see  When the child request has finished execution, it is freed
but if I can't set it in subrequest, I can't get the attribute:
Authentication-Status result from reply
so, here the only way I can count on is the tacacs module return
code(always return ok regardless auth success/fail)

        authenticate TACACS {
             subrequest @tacacs::Authentication-Start {
                User-Name := parent.request.User-Name
                Data := parent.request.User-Password
                Packet.Version-Major := 0xC   # or "Plus" if using VALUE
mapping
                Packet.Version-Minor := 0x1
                Packet.Packet-Type := "Authentication"
                Packet.Sequence-Number := 1
                Packet.Flags := "None"
                Packet.Session-Id := parent.request.Acct-Session-Id
                Packet.Length := 0
                Authentication-Type := "PAP"
                Action := "Login"
                Authentication-Service := "Login"
                tacacs
                }
      }

       recv Access-Request {
            if (User-Name =~ /^testuser1$/) {
                control.Auth-Type := ::TACACS
            }

since you are working on the return code of tacacs module, seems this is
the only way to decide the auth success or not because Reply attribute in
subrequest can't be reused after the subrequest finish execution, the
parent can't rely on the Auth-type setting in subrequest.

Regards,
Bryan

On Mon, Apr 28, 2025 at 6:17 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Apr 27, 2025, at 8:29 PM, bryan xiang <bryanxiang82 at gmail.com> wrote:
> > I tried your suggestion and add check in the subrequest scope, I can see
> > the reply attribute but seems can't set the Auth-Type successfully. the
> > config file as below:
>
>   At some point you will need to read the documentation, and understand
> how the server works.  I cannot answer every minor question about
> everything.
>
>   Go read the documentation at
> https://www.freeradius.org/documentation/freeradius-server/4.0.0/reference/unlang/subrequest.html
>
>   If you set "control.Auth-Type" inside of the "subrequest" block, that
> does NOT set it in the *parent* block.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list