On 10/01/2012 10:09 AM, Remco van Noorloos wrote: > Since a couple of weeks I’ve implemented both TACACS as regular RADIUS > services on a Windows server with Radiator. I’ve assigned two IP > addresses to the network adapter. One is used for RADIUS requests, the > other for TACACS requests.
I agree with Hugh this is a good idea. I would add these two lines in the TACACS+ instance configuration if they are not there already: AuthPort AcctPort That will make sure the TACACS+ radiusd instance will not try to bind to RADIUS ports. If you use BindAddress in ServerTACACSPLUS, it should only affect how binding to TACACS+ port is done. Thanks, Heikki > After I did this I’m seeing strange behavior with RADIUS requests. I’m > monitoring this for a while now and with RADIUS test requests the one > moment I get a ‘Access-Accept’ message and a minute later a ‘Socket > Error Connection reset by peer’ error message. When this last error > occurs I don’t see anything in the debug log (level 4). I’ve configured > Radiator to use a specific address using the ‘BindAddress’ command on > global level. For TACACS authentication I configured the ‘BindAddress’ > in the ServerTACACSPLUS part of the config. > > > > I’m trying to avoid using an extra server specific for TACACS > authentication because of waste of resources. Is there something I’m > missing here? > > > > Thanks in advance for your answer. > > > > Best regards, > > > > PROXSYS > > Remco > > > > > > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator > -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
