Re: [RADIATOR] Cisco NX-OS TACACS+ problems
On 2014-02-07 08:35, Hartmaier Alexander wrote:

On 2014-02-06 23:11, Heikki Vatiainen wrote:

On 10/11/2013 11:38 AM, Alexander Hartmaier wrote:

our switching guys reported that their Cisco Nexus switches running NX-OS log that they can't reach the tacacs servers. This is what the troubleshooting brought up:

2013 Oct 11 08:47:37.061 sgv20s %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

Returning to the subject with new information. This problem was seen by others too and this time a fix seems to be found. The bug appears to be CSCtz32293 and is corrected in 5.2(1)N1(5). The upgrade was done to 5.2(1)N1(6) which shows no problems.

A similar looking problem is also described here:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080c17808.shtml

I'm not sure if this relates to Steve's problem but looks exactly like what Alexander was seeing.

Thanks for keeping track of this problem!!! I had no time to further investigate it with our switching guys but informed them about the update. Sadly they are already running version 5.2(1)N1(6) and the error messages still occur.

Thanks,
Heikki

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Log messages
On 02/06/2014 07:13 PM, Michael Hulko wrote:

We're seeing the following, not quite so frequently in our logs. Not every server is reporting this. Can anyone confirm that this is simply a client trying to authenticate with an unsupported EAP type?

The EAP type is 0 in this case and it's clearly not any real type. It might be a misbehaving client or the server might be receiving a RADIUS request where the first EAP-Message attribute looks like an EAP request or response for EAP type 0. Some intermediate system may have, for example, stripped the first attribute away, causing the remainder to look like an EAP request or response.

There are likely to be multiple reasons why you get these messages. They might originate as incorrect or get mangled during the transport.

Thanks,
Heikki

Feb 5 11:32:53 riptide-6.vm.its.uwo.pri /usr/bin/radiusd[14112]: Could not load EAP module Radius::EAP_0: Can't locate Radius/EAP_0.pm in @INC (@INC contains: . /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 11750293) line 3, GEN3 line 2747056.
Feb 5 11:32:53 riptide-6.vm.its.uwo.pri /usr/bin/radiusd[14112]: Could not load EAP module Radius::EAP_0: Can't locate Radius/EAP_0.pm in @INC (@INC contains: . /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 11750293) line 3, GEN3 line 2747056.

--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
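Added example, not part of the thread and not Radiator code: a Python check that reassembles the EAP-Message attributes of a RADIUS request and validates the EAP header, showing how losing the first attribute of a fragmented EAP message can make the remainder parse as EAP type 0, the case described in the reply above. The packet bytes, the User-Name value and all function names are constructed for illustration.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type carrying EAP (RFC 3579)

def radius_attrs(buf):
    """Split a RADIUS attribute section into (type, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        out.append((buf[i], buf[i + 2:i + buf[i + 1]]))
        i += buf[i + 1]
    return out

def inspect_eap(attr_bytes):
    """Reassemble EAP-Message attributes and sanity-check the EAP header."""
    eap = b"".join(v for t, v in radius_attrs(attr_bytes) if t == EAP_MESSAGE)
    if len(eap) < 4:
        return {"type": None, "problems": ["no complete EAP header"]}
    code, ident, length = struct.unpack("!BBH", eap[:4])
    problems = []
    if code not in (1, 2, 3, 4):  # Request, Response, Success, Failure
        problems.append("unknown EAP code %d" % code)
    if length != len(eap):
        problems.append("EAP length %d but %d bytes reassembled" % (length, len(eap)))
    eap_type = eap[4] if code in (1, 2) and len(eap) > 4 else None
    if eap_type == 0:
        problems.append("EAP type 0 is not a usable method")
    return {"code": code, "id": ident, "type": eap_type, "problems": problems}

def encode_eap(eap):
    """Encode an EAP packet as EAP-Message attributes (max 253 value bytes each)."""
    return b"".join(bytes([EAP_MESSAGE, len(eap[i:i + 253]) + 2]) + eap[i:i + 253]
                    for i in range(0, len(eap), 253))

# Constructed sample: a 305-byte EAP-Response of type 25 (PEAP), identifier 7.
# The payload is filler, arranged so that the bytes starting the second
# attribute happen to look like an EAP header followed by a zero byte.
PAYLOAD = b"\x00" * 248 + bytes([2, 7, 0, 16, 0]) + b"\xaa" * 47
EAP_PACKET = struct.pack("!BBHB", 2, 7, 5 + len(PAYLOAD), 25) + PAYLOAD
USER_NAME = bytes([1, 6]) + b"user"  # constructed User-Name attribute
INTACT = USER_NAME + encode_eap(EAP_PACKET)

# Same request after the first EAP-Message attribute (2 + 253 bytes) is lost.
MANGLED = USER_NAME + INTACT[len(USER_NAME) + 255:]

if __name__ == "__main__":
    for name, pkt in (("intact", INTACT), ("mangled", MANGLED)):
        print(name, inspect_eap(pkt))
```

A mismatch between the EAP length field and the reassembled size is the more general signal; logging it next to the type value helps separate requests damaged in transit from clients that really send type 0.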
Re: [RADIATOR] Log messages
I think we figured it out... one of our admins restarted the radiator process under a different identity and did not have all the correct rights to the environment. Once we purged the process, the errors seem to stop.

Thanks
M

On 2014-02-07, at 3:41 PM, Heikki Vatiainen wrote:

On 02/06/2014 07:13 PM, Michael Hulko wrote:

We're seeing the following, not quite so frequently in our logs. Not every server is reporting this. Can anyone confirm that this is simply a client trying to authenticate with an unsupported EAP type?

The EAP type is 0 in this case and it's clearly not any real type. It might be a misbehaving client or the server might be receiving a RADIUS request where the first EAP-Message attribute looks like an EAP request or response for EAP type 0. Some intermediate system may have, for example, stripped the first attribute away, causing the remainder to look like an EAP request or response.

There are likely to be multiple reasons why you get these messages. They might originate as incorrect or get mangled during the transport.

Thanks,
Heikki

Feb 5 11:32:53 riptide-6.vm.its.uwo.pri /usr/bin/radiusd[14112]: Could not load EAP module Radius::EAP_0: Can't locate Radius/EAP_0.pm in @INC (@INC contains: . /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 11750293) line 3, GEN3 line 2747056.
Feb 5 11:32:53 riptide-6.vm.its.uwo.pri /usr/bin/radiusd[14112]: Could not load EAP module Radius::EAP_0: Can't locate Radius/EAP_0.pm in @INC (@INC contains: . /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 11750293) line 3, GEN3 line 2747056.

--
Heikki Vatiainen h...@open.com.au

Michael Hulko
Network Analyst
Western University Canada
Network Operations Centre
Information Technology Services