From kissg at ssg.ki.iif.hu Fri Apr 2 11:38:00 2010 From: kissg at ssg.ki.iif.hu (Kiss Gabor (Bitman)) Date: Fri, 2 Apr 2010 13:38:00 +0200 (CEST) Subject: [tac_plus] Re: Multiple groups, multiple ACL-s In-Reply-To: <201004011003.01191.karen.durinyan@gmail.com> References: <201003301211.36894.karen.durinyan@gmail.com> <201004011003.01191.karen.durinyan@gmail.com> Message-ID: > > Another test: what happens if you omit "return .*" lines from ACL-s? > If I omit "return .*" (which is equivalent deny .* as I understand) I can No, it is not. "return" means: "do not decide now but continue search in the config tree". Gabor From kissg at ssg.ki.iif.hu Fri Apr 2 11:43:22 2010 From: kissg at ssg.ki.iif.hu (Kiss Gabor (Bitman)) Date: Fri, 2 Apr 2010 13:43:22 +0200 (CEST) Subject: [tac_plus] Re: Multiple groups, multiple ACL-s In-Reply-To: <201004010958.45136.karen.durinyan@gmail.com> References: <201003301211.36894.karen.durinyan@gmail.com> <201003311008.46904.karen.durinyan@gmail.com> <201004010958.45136.karen.durinyan@gmail.com> Message-ID: > pls, answers are bellow. Eeeerrr... answers to what question? :-) This debug output was created before or after swapping your membership order? You should do the following: With your original config (i.e. member = net-staff-all-r member = net-staff-all-u ) login into both NAS and issue "show mem" command. Then modify config ( member = net-staff-all-u member = net-staff-all-r ), restart tac_plus and execute "show mem" again in both router. Finally send me the debug output please. Regards Gabor From kissg at ssg.ki.iif.hu Fri Apr 2 14:00:54 2010 From: kissg at ssg.ki.iif.hu (Kiss Gabor (Bitman)) Date: Fri, 2 Apr 2010 16:00:54 +0200 (CEST) Subject: [tac_plus] Re: Multiple groups, multiple ACL-s In-Reply-To: <201004021739.55053.karen.durinyan@gmail.com> References: <201003301211.36894.karen.durinyan@gmail.com> <201004021659.21809.karen.durinyan@gmail.com> <201004021739.55053.karen.durinyan@gmail.com> Message-ID: > New debug is attached, and you can also see steps in that file. Thanks and > Happy Easter as well. Thanks. Here is your present: I got it. :-) Compare output of processes 22044 and 32152. Both serve an authorization request: name=karen cmdname=show And they are very identical: : cfg_get_cmd_node: name=karen cmdname=show rec=1 : cfg_get_cmd_node: recurse group=net-staff-all-r depth=1 : cfg_get_cmd_node: recurse group=net-staff-r depth=2 : cfg_get_cmd_node: found cmd show node N_svc_cmd Program does not cares with ACL as I suspected but in both cases it founds the restrictive "cmd = show {...}" section in group net-staff-r. Similarly both processes 11679 and 18484 accepted the same request with modified config as I hoped. I'm afraid your problem cannot be solved with the current semantics of config file. Maybe I could add this new feature but this would break old, existing configs therefore I'd lost all of my chance of my patch beeing incorporated in the mainstream code. (John? Any comment? :-) At least a new global option (apply_acl = "cmd, user, before authorization" or so) should be introduced to maintain backwards compatibility. Regards Gabor From karen.durinyan at gmail.com Fri Apr 2 11:53:11 2010 From: karen.durinyan at gmail.com (Karen Durinyan) Date: Fri, 2 Apr 2010 16:53:11 +0500 Subject: [tac_plus] Re: Multiple groups, multiple ACL-s In-Reply-To: References: <201003301211.36894.karen.durinyan@gmail.com> <201004011003.01191.karen.durinyan@gmail.com> Message-ID: <201004021653.12570.karen.durinyan@gmail.com> Dear Gabor, I mean after omitting "return"... If I do not have return in the end of ACL it is equivalent deny .* And after that: >>I can login only on to router which is defined in acl of 1st group i.e. in my case it is racc1. Access to edge1 is denied. -- Bests, Karen On Friday 02 April 2010 16:38:00 Kiss Gabor (Bitman) wrote: > > > Another test: what happens if you omit "return .*" lines from ACL-s? > > > > If I omit "return .*" (which is equivalent deny .* as I understand) I can > > No, it is not. > "return" means: "do not decide now but continue search in the config tree". > > Gabor From karen.durinyan at gmail.com Fri Apr 2 11:59:20 2010 From: karen.durinyan at gmail.com (Karen Durinyan) Date: Fri, 2 Apr 2010 16:59:20 +0500 Subject: [tac_plus] Re: Multiple groups, multiple ACL-s In-Reply-To: References: <201003301211.36894.karen.durinyan@gmail.com> <201004010958.45136.karen.durinyan@gmail.com> Message-ID: <201004021659.21809.karen.durinyan@gmail.com> Hello Gabor, I took debug before swapping the membership, i.e. in config I had: member = net-staff-all-r member = net-staff-all-u But no problem, I will take another debug after working hours and post here. -- Bests, Karen On Friday 02 April 2010 16:43:22 Kiss Gabor (Bitman) wrote: > > pls, answers are bellow. > > Eeeerrr... answers to what question? :-) > This debug output was created before or after swapping > your membership order? > > > You should do the following: > > With your original config (i.e. > member = net-staff-all-r > member = net-staff-all-u > ) login into both NAS and issue "show mem" command. > > Then modify config ( > member = net-staff-all-u > member = net-staff-all-r > ), restart tac_plus and execute "show mem" again in both router. > > Finally send me the debug output please. > > Regards > > Gabor From karen.durinyan at gmail.com Fri Apr 2 12:39:53 2010 From: karen.durinyan at gmail.com (Karen Durinyan) Date: Fri, 2 Apr 2010 17:39:53 +0500 Subject: [tac_plus] Re: Multiple groups, multiple ACL-s In-Reply-To: <201004021659.21809.karen.durinyan@gmail.com> References: <201003301211.36894.karen.durinyan@gmail.com> <201004021659.21809.karen.durinyan@gmail.com> Message-ID: <201004021739.55053.karen.durinyan@gmail.com> Dear Gabor, New debug is attached, and you can also see steps in that file. Thanks and Happy Easter as well. -- Bests, Karen On Friday 02 April 2010 16:59:20 Karen Durinyan wrote: > Hello Gabor, > > I took debug before swapping the membership, i.e. > in config I had: > member = net-staff-all-r > member = net-staff-all-u > > But no problem, I will take another debug after working hours and post > here. > > > > pls, answers are bellow. > > > > Eeeerrr... answers to what question? :-) > > This debug output was created before or after swapping > > your membership order? > > > > > > You should do the following: > > > > With your original config (i.e. > > member = net-staff-all-r > > member = net-staff-all-u > > ) login into both NAS and issue "show mem" command. > > > > Then modify config ( > > member = net-staff-all-u > > member = net-staff-all-r > > ), restart tac_plus and execute "show mem" again in both router. > > > > Finally send me the debug output please. > > > > Regards > > > > Gabor -------------- next part -------------- 1. membership: member = net-staff-all-r member = net-staff-all-u commands: login show mem exit edge1 Fri Apr 2 13:17:38 2010 [21980]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:17:38 2010 [21980]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:38 2010 [21980]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:38 2010 [21980]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:17:38 2010 [21980]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:17:38 2010 [21980]: cfg_get_value: name=karen isuser=1 attr=nopassword rec=1 Fri Apr 2 13:17:38 2010 [21980]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:38 2010 [21980]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:38 2010 [21980]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:38 2010 [21980]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:17:38 2010 [21980]: cfg_get_intvalue: returns 0 Fri Apr 2 13:17:38 2010 [21980]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:17:38 2010 [21980]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:17:38 2010 [21980]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:38 2010 [21980]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:42 2010 [21980]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:42 2010 [21980]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: name=karen isuser=1 attr=expires rec=1 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_pvalue: returns NULL Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:42 2010 [21980]: cfg_get_pvalue: returns net-staff-u Fri Apr 2 13:17:42 2010 [21980]: login query for 'karen' tty514 from 10.0.127.1 accepted Fri Apr 2 13:17:42 2010 [21980]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:42 2010 [21980]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:42 2010 [21996]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:17:42 2010 [21996]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:42 2010 [21996]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_pvalue: returns net-staff-u Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_pvalue: returns NULL Fri Apr 2 13:17:42 2010 [21996]: cfg_get_svc_node: username=karen N_svc_exec proto= svcname= rec=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_svc_node: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_svc_node: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_svc_node: found N_svc_exec proto= svcname= Fri Apr 2 13:17:42 2010 [21996]: cfg_get_svc_node: username=karen N_svc_exec proto= svcname= rec=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_svc_node: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_svc_node: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_svc_node: found N_svc_exec proto= svcname= Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:17:42 2010 [21996]: cfg_get_pvalue: returns NULL Fri Apr 2 13:17:42 2010 [21996]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:42 2010 [21996]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:42 2010 [21996]: authorization query for 'karen' tty514 from 10.0.127.1 accepted Fri Apr 2 13:17:42 2010 [21997]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:17:42 2010 [21997]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:42 2010 [21997]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:42 2010 [21997]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:42 2010 [21997]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:47 2010 [22044]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:17:47 2010 [22044]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:47 2010 [22044]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_pvalue: returns net-staff-u Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_pvalue: returns NULL Fri Apr 2 13:17:47 2010 [22044]: cfg_get_cmd_node: name=karen cmdname=show rec=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_cmd_node: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_cmd_node: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_cmd_node: found cmd show node N_svc_cmd Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:17:47 2010 [22044]: cfg_get_pvalue: returns NULL Fri Apr 2 13:17:47 2010 [22044]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:47 2010 [22044]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:47 2010 [22044]: authorization query for 'karen' tty514 from 10.0.127.1 rejected Fri Apr 2 13:17:51 2010 [22062]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:17:51 2010 [22062]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:51 2010 [22062]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_pvalue: returns net-staff-u Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_pvalue: returns NULL Fri Apr 2 13:17:51 2010 [22062]: cfg_get_cmd_node: name=karen cmdname=exit rec=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_cmd_node: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_cmd_node: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_cmd_node: found cmd exit node N_svc_cmd Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:17:51 2010 [22062]: cfg_get_pvalue: returns NULL Fri Apr 2 13:17:51 2010 [22062]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:51 2010 [22062]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:51 2010 [22062]: authorization query for 'karen' tty514 from 10.0.127.1 accepted Fri Apr 2 13:17:51 2010 [22063]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:17:51 2010 [22063]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:51 2010 [22063]: cfg_get_phvalue: returns ********* Fri Apr 2 13:17:51 2010 [22063]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:17:51 2010 [22063]: cfg_get_phvalue: returns ********* racc1 Fri Apr 2 13:19:02 2010 [29516]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:19:02 2010 [29516]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:02 2010 [29516]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:02 2010 [29516]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:19:02 2010 [29516]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:19:02 2010 [29516]: cfg_get_value: name=karen isuser=1 attr=nopassword rec=1 Fri Apr 2 13:19:02 2010 [29516]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:02 2010 [29516]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:02 2010 [29516]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:19:02 2010 [29516]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:19:02 2010 [29516]: cfg_get_intvalue: returns 0 Fri Apr 2 13:19:02 2010 [29516]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:19:02 2010 [29516]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:19:02 2010 [29516]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:02 2010 [29516]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:06 2010 [29516]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:06 2010 [29516]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:06 2010 [29516]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:19:06 2010 [29516]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:19:06 2010 [29516]: cfg_get_value: name=karen isuser=1 attr=expires rec=1 Fri Apr 2 13:19:06 2010 [29516]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:06 2010 [29516]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:06 2010 [29516]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:19:06 2010 [29516]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:19:06 2010 [29516]: cfg_get_pvalue: returns NULL Fri Apr 2 13:19:06 2010 [29516]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:19:06 2010 [29516]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:06 2010 [29516]: cfg_get_pvalue: returns net-staff-r Fri Apr 2 13:19:06 2010 [29516]: login query for 'karen' tty514 from 10.0.127.12 accepted Fri Apr 2 13:19:06 2010 [29516]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:06 2010 [29516]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:06 2010 [30681]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:19:06 2010 [30681]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:06 2010 [30681]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_pvalue: returns net-staff-r Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_pvalue: returns NULL Fri Apr 2 13:19:06 2010 [30681]: cfg_get_svc_node: username=karen N_svc_exec proto= svcname= rec=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_svc_node: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_svc_node: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_svc_node: found N_svc_exec proto= svcname= Fri Apr 2 13:19:06 2010 [30681]: cfg_get_svc_node: username=karen N_svc_exec proto= svcname= rec=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_svc_node: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_svc_node: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_svc_node: found N_svc_exec proto= svcname= Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:19:06 2010 [30681]: cfg_get_pvalue: returns NULL Fri Apr 2 13:19:06 2010 [30681]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:06 2010 [30681]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:06 2010 [30681]: authorization query for 'karen' tty514 from 10.0.127.12 accepted Fri Apr 2 13:19:06 2010 [30711]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:19:06 2010 [30711]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:06 2010 [30711]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:06 2010 [30711]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:06 2010 [30711]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:09 2010 [32152]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:19:09 2010 [32152]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:09 2010 [32152]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_pvalue: returns net-staff-r Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_pvalue: returns NULL Fri Apr 2 13:19:09 2010 [32152]: cfg_get_cmd_node: name=karen cmdname=show rec=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_cmd_node: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_cmd_node: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_cmd_node: found cmd show node N_svc_cmd Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:19:09 2010 [32152]: cfg_get_pvalue: returns NULL Fri Apr 2 13:19:09 2010 [32152]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:09 2010 [32152]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:09 2010 [32152]: authorization query for 'karen' tty514 from 10.0.127.12 rejected Fri Apr 2 13:19:12 2010 [1342]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:19:13 2010 [1342]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:13 2010 [1342]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_pvalue: returns net-staff-r Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_pvalue: returns NULL Fri Apr 2 13:19:13 2010 [1342]: cfg_get_cmd_node: name=karen cmdname=exit rec=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_cmd_node: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_cmd_node: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_cmd_node: found cmd exit node N_svc_cmd Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:19:13 2010 [1342]: cfg_get_pvalue: returns NULL Fri Apr 2 13:19:13 2010 [1342]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:13 2010 [1342]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:13 2010 [1342]: authorization query for 'karen' tty514 from 10.0.127.12 accepted Fri Apr 2 13:19:13 2010 [1461]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:19:13 2010 [1461]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:13 2010 [1461]: cfg_get_phvalue: returns ************** Fri Apr 2 13:19:13 2010 [1461]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:19:13 2010 [1461]: cfg_get_phvalue: returns ************** 2. membership: member = net-staff-all-u member = net-staff-all-r commands: login show mem exit ede1 Fri Apr 2 13:20:48 2010 [11659]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:20:48 2010 [11659]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:48 2010 [11659]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:48 2010 [11659]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:20:48 2010 [11659]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:20:48 2010 [11659]: cfg_get_value: name=karen isuser=1 attr=nopassword rec=1 Fri Apr 2 13:20:48 2010 [11659]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:48 2010 [11659]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:48 2010 [11659]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:20:48 2010 [11659]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:20:48 2010 [11659]: cfg_get_intvalue: returns 0 Fri Apr 2 13:20:48 2010 [11659]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:20:48 2010 [11659]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:20:48 2010 [11659]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:48 2010 [11659]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:52 2010 [11659]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:52 2010 [11659]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:52 2010 [11659]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:20:52 2010 [11659]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:20:52 2010 [11659]: cfg_get_value: name=karen isuser=1 attr=expires rec=1 Fri Apr 2 13:20:52 2010 [11659]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:52 2010 [11659]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:52 2010 [11659]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:20:52 2010 [11659]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:20:52 2010 [11659]: cfg_get_pvalue: returns NULL Fri Apr 2 13:20:52 2010 [11659]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:20:52 2010 [11659]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:52 2010 [11659]: cfg_get_pvalue: returns net-staff-u Fri Apr 2 13:20:52 2010 [11659]: login query for 'karen' tty514 from 10.0.127.1 accepted Fri Apr 2 13:20:52 2010 [11659]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:52 2010 [11659]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:52 2010 [11677]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:20:52 2010 [11677]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:52 2010 [11677]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_pvalue: returns net-staff-u Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_pvalue: returns NULL Fri Apr 2 13:20:52 2010 [11677]: cfg_get_svc_node: username=karen N_svc_exec proto= svcname= rec=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_svc_node: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_svc_node: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_svc_node: found N_svc_exec proto= svcname= Fri Apr 2 13:20:52 2010 [11677]: cfg_get_svc_node: username=karen N_svc_exec proto= svcname= rec=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_svc_node: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_svc_node: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_svc_node: found N_svc_exec proto= svcname= Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:20:52 2010 [11677]: cfg_get_pvalue: returns NULL Fri Apr 2 13:20:52 2010 [11677]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:52 2010 [11677]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:52 2010 [11677]: authorization query for 'karen' tty514 from 10.0.127.1 accepted Fri Apr 2 13:20:52 2010 [11678]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:20:52 2010 [11678]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:52 2010 [11678]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:52 2010 [11678]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:52 2010 [11678]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:55 2010 [11679]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:20:55 2010 [11679]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:55 2010 [11679]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_pvalue: returns net-staff-u Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_pvalue: returns NULL Fri Apr 2 13:20:55 2010 [11679]: cfg_get_cmd_node: name=karen cmdname=show rec=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_cmd_node: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_cmd_node: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_cmd_node: found cmd show node N_svc_cmd Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:20:55 2010 [11679]: cfg_get_pvalue: returns NULL Fri Apr 2 13:20:55 2010 [11679]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:55 2010 [11679]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:55 2010 [11679]: authorization query for 'karen' tty514 from 10.0.127.1 accepted Fri Apr 2 13:20:55 2010 [11680]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:20:55 2010 [11680]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:55 2010 [11680]: cfg_get_phvalue: returns ********* Fri Apr 2 13:20:55 2010 [11680]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:20:55 2010 [11680]: cfg_get_phvalue: returns ********* Fri Apr 2 13:21:01 2010 [11686]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:21:01 2010 [11686]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:21:01 2010 [11686]: cfg_get_phvalue: returns ********* Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_pvalue: returns net-staff-u Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:01 2010 [11686]: cfg_get_cmd_node: name=karen cmdname=exit rec=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_cmd_node: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_cmd_node: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_cmd_node: found cmd exit node N_svc_cmd Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:01 2010 [11686]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:01 2010 [11686]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:21:01 2010 [11686]: cfg_get_phvalue: returns ********* Fri Apr 2 13:21:01 2010 [11686]: authorization query for 'karen' tty514 from 10.0.127.1 accepted Fri Apr 2 13:21:01 2010 [11779]: connect from 10.0.127.1 [10.0.127.1] Fri Apr 2 13:21:01 2010 [11779]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:21:01 2010 [11779]: cfg_get_phvalue: returns ********* Fri Apr 2 13:21:01 2010 [11779]: cfg_get_hvalue: name=10.0.127.1 attr=key Fri Apr 2 13:21:01 2010 [11779]: cfg_get_phvalue: returns ********* racc1 Fri Apr 2 13:21:17 2010 [17895]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:21:17 2010 [17895]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:17 2010 [17895]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:17 2010 [17895]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:21:17 2010 [17895]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:21:17 2010 [17895]: cfg_get_value: name=karen isuser=1 attr=nopassword rec=1 Fri Apr 2 13:21:17 2010 [17895]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:17 2010 [17895]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:17 2010 [17895]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:17 2010 [17895]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:17 2010 [17895]: cfg_get_intvalue: returns 0 Fri Apr 2 13:21:17 2010 [17895]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:21:17 2010 [17895]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:21:17 2010 [17895]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:17 2010 [17895]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:21 2010 [17895]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:21 2010 [17895]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: name=karen isuser=1 attr=login rec=1 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_pvalue: returns des ********* Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: name=karen isuser=1 attr=expires rec=1 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:21 2010 [17895]: cfg_get_pvalue: returns net-staff-r Fri Apr 2 13:21:21 2010 [17895]: login query for 'karen' tty514 from 10.0.127.12 accepted Fri Apr 2 13:21:21 2010 [17895]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:21 2010 [17895]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:21 2010 [18332]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:21:21 2010 [18332]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:21 2010 [18332]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_pvalue: returns net-staff-r Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:21 2010 [18332]: cfg_get_svc_node: username=karen N_svc_exec proto= svcname= rec=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_svc_node: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_svc_node: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_svc_node: found N_svc_exec proto= svcname= Fri Apr 2 13:21:21 2010 [18332]: cfg_get_svc_node: username=karen N_svc_exec proto= svcname= rec=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_svc_node: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_svc_node: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_svc_node: found N_svc_exec proto= svcname= Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:21 2010 [18332]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:21 2010 [18332]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:21 2010 [18332]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:21 2010 [18332]: authorization query for 'karen' tty514 from 10.0.127.12 accepted Fri Apr 2 13:21:21 2010 [18333]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:21:21 2010 [18333]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:21 2010 [18333]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:21 2010 [18333]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:21 2010 [18333]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:25 2010 [18484]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:21:25 2010 [18484]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:25 2010 [18484]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_pvalue: returns net-staff-r Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:25 2010 [18484]: cfg_get_cmd_node: name=karen cmdname=show rec=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_cmd_node: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_cmd_node: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_cmd_node: found cmd show node N_svc_cmd Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:25 2010 [18484]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:25 2010 [18484]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:25 2010 [18484]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:25 2010 [18484]: authorization query for 'karen' tty514 from 10.0.127.12 accepted Fri Apr 2 13:21:26 2010 [18486]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:21:26 2010 [18486]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:26 2010 [18486]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:26 2010 [18486]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:26 2010 [18486]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:31 2010 [18525]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:21:31 2010 [18525]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:31 2010 [18525]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: name=karen isuser=1 attr=acl rec=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_pvalue: returns net-staff-r Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: name=karen isuser=1 attr=before rec=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:31 2010 [18525]: cfg_get_cmd_node: name=karen cmdname=exit rec=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_cmd_node: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_cmd_node: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_cmd_node: found cmd exit node N_svc_cmd Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: name=karen isuser=1 attr=after rec=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-all-u depth=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-u depth=2 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-all-r depth=1 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_value: recurse group=net-staff-r depth=2 Fri Apr 2 13:21:31 2010 [18525]: cfg_get_pvalue: returns NULL Fri Apr 2 13:21:31 2010 [18525]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:31 2010 [18525]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:31 2010 [18525]: authorization query for 'karen' tty514 from 10.0.127.12 accepted Fri Apr 2 13:21:31 2010 [18526]: connect from 10.0.127.12 [10.0.127.12] Fri Apr 2 13:21:31 2010 [18526]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:31 2010 [18526]: cfg_get_phvalue: returns ************** Fri Apr 2 13:21:31 2010 [18526]: cfg_get_hvalue: name=10.0.127.12 attr=key Fri Apr 2 13:21:31 2010 [18526]: cfg_get_phvalue: returns ************** From hailumeng at gmail.com Fri Apr 2 16:21:52 2010 From: hailumeng at gmail.com (Hailu Meng) Date: Fri, 2 Apr 2010 11:21:52 -0500 Subject: [tac_plus] tac_plus process automatically shutdown after too many login Message-ID: Hi there, I recently setup Ciscoworks to backup the cisco device configuration every day. Right now I configured 126 devices in CiscoWorks to be back up. But after Ciscoworks finished the scheduled backup job, I found my tac_plus process has been stopped automatically. I checked the tac_plus log and found the end of log file has one error: Fri Apr 2 08:20:28 2010 [3417]: Error 10.x.x.x: Bad sequence number 3 should be even what does it mean? Some devices got successfully telneted and get into the enable mode. But some devices failed. In addition, I found the below error, it seems the device is not reachable but the device didn't have any issue at that time. Is there any possiblity that the unexpected delay cause this issue? Can I adjust some kind of timeout parameter in tac_plus to be suitable for the situation? Fri Apr 2 08:20:24 2010 [3417]: Authen Start request Fri Apr 2 08:20:24 2010 [3417]: choose_authen returns 1 Fri Apr 2 08:20:24 2010 [3417]: Writing AUTHEN/GETUSER size=55 Fri Apr 2 08:20:24 2010 [3417]: PACKET: key=tac_key Fri Apr 2 08:20:24 2010 [3417]: version 192 (0xc0), type 1, seq no 2, flags 0x1 Fri Apr 2 08:20:24 2010 [3417]: session_id 1720821293 (0x6691a62d), Data length 43 (0x2b) Fri Apr 2 08:20:24 2010 [3417]: End header Fri Apr 2 08:20:24 2010 [3417]: type=AUTHEN status=4 (AUTHEN/GETUSER) flags=0x0 Fri Apr 2 08:20:24 2010 [3417]: msg_len=37, data_len=0 Fri Apr 2 08:20:24 2010 [3417]: msg: Fri Apr 2 08:20:24 2010 [3417]: 0xa User Access Verification 0xa Fri Apr 2 08:20:24 2010 [3417]: data: Fri Apr 2 08:20:24 2010 [3417]: End packet Fri Apr 2 08:20:24 2010 [3417]: Waiting for packet Fri Apr 2 08:20:24 2010 [3417]: 10.x.x.x: exception on fd 6 Fri Apr 2 08:20:24 2010 [3417]: Read -1 bytes from 10.x.x.x tty1, expecting 12 Fri Apr 2 08:20:24 2010 [3417]: Error 10.x.x.x tty1: Null reply packet, expecting CONTINUE Fri Apr 2 08:20:24 2010 [3417]: 10.x.x.x: disconnect Appreciated for your help! Thanks! Lou -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100402/8d493c05/attachment.html From heas at shrubbery.net Fri Apr 2 20:12:32 2010 From: heas at shrubbery.net (john heasley) Date: Fri, 2 Apr 2010 20:12:32 +0000 Subject: [tac_plus] Re: tac_plus process automatically shutdown after too many login In-Reply-To: References: Message-ID: <20100402201232.GA14201@shrubbery.net> Fri, Apr 02, 2010 at 11:21:52AM -0500, Hailu Meng: > Hi there, > > I recently setup Ciscoworks to backup the cisco device configuration every > day. Right now I configured 126 devices in CiscoWorks to be back up. But > after Ciscoworks finished the scheduled backup job, I found my tac_plus > process has been stopped automatically. I checked the tac_plus log and found > the end of log file has one error: > Fri Apr 2 08:20:28 2010 [3417]: Error 10.x.x.x: Bad sequence number 3 > should be even > what does it mean? the sequence increments with each packet. its value depends upon where it is in the communication. either the device has become confused or you've enabled single-connection tacacs on the device, which neither IOS doesnt do properly and tac_plus doesnt support. > Some devices got successfully telneted and get into the enable mode. But > some devices failed. In addition, I found the below error, it seems the > device is not reachable but the device didn't have any issue at that time. > Is there any possiblity that the unexpected delay cause this issue? Can I > adjust some kind of timeout parameter in tac_plus to be suitable for the > situation? > > Fri Apr 2 08:20:24 2010 [3417]: Authen Start request > Fri Apr 2 08:20:24 2010 [3417]: choose_authen returns 1 > Fri Apr 2 08:20:24 2010 [3417]: Writing AUTHEN/GETUSER size=55 > Fri Apr 2 08:20:24 2010 [3417]: PACKET: key=tac_key > Fri Apr 2 08:20:24 2010 [3417]: version 192 (0xc0), type 1, seq no 2, flags > 0x1 > Fri Apr 2 08:20:24 2010 [3417]: session_id 1720821293 (0x6691a62d), Data > length 43 (0x2b) > Fri Apr 2 08:20:24 2010 [3417]: End header > Fri Apr 2 08:20:24 2010 [3417]: type=AUTHEN status=4 (AUTHEN/GETUSER) > flags=0x0 > Fri Apr 2 08:20:24 2010 [3417]: msg_len=37, data_len=0 > Fri Apr 2 08:20:24 2010 [3417]: msg: > Fri Apr 2 08:20:24 2010 [3417]: 0xa User Access Verification 0xa > Fri Apr 2 08:20:24 2010 [3417]: data: > Fri Apr 2 08:20:24 2010 [3417]: End packet > Fri Apr 2 08:20:24 2010 [3417]: Waiting for packet > Fri Apr 2 08:20:24 2010 [3417]: 10.x.x.x: exception on fd 6 > Fri Apr 2 08:20:24 2010 [3417]: Read -1 bytes from 10.x.x.x tty1, expecting > 12 > Fri Apr 2 08:20:24 2010 [3417]: Error 10.x.x.x tty1: Null reply packet, > expecting CONTINUE > Fri Apr 2 08:20:24 2010 [3417]: 10.x.x.x: disconnect > > Appreciated for your help! Thanks! > > Lou > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100402/8d493c05/attachment.html > _______________________________________________ > tac_plus mailing list > tac_plus at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus From hailumeng at gmail.com Fri Apr 2 20:31:37 2010 From: hailumeng at gmail.com (Hailu Meng) Date: Fri, 2 Apr 2010 15:31:37 -0500 Subject: [tac_plus] Re: tac_plus process automatically shutdown after too many login In-Reply-To: <20100402201232.GA14201@shrubbery.net> References: <20100402201232.GA14201@shrubbery.net> Message-ID: Thanks John. But what is single-connection tacacs on the device? On Fri, Apr 2, 2010 at 3:12 PM, john heasley wrote: > Fri, Apr 02, 2010 at 11:21:52AM -0500, Hailu Meng: > > Hi there, > > > > I recently setup Ciscoworks to backup the cisco device configuration > every > > day. Right now I configured 126 devices in CiscoWorks to be back up. But > > after Ciscoworks finished the scheduled backup job, I found my tac_plus > > process has been stopped automatically. I checked the tac_plus log and > found > > the end of log file has one error: > > Fri Apr 2 08:20:28 2010 [3417]: Error 10.x.x.x: Bad sequence number 3 > > should be even > > what does it mean? > > the sequence increments with each packet. its value depends upon where > it is in the communication. > > either the device has become confused or you've enabled single-connection > tacacs on the device, which neither IOS doesnt do properly and tac_plus > doesnt support. > > > Some devices got successfully telneted and get into the enable mode. But > > some devices failed. In addition, I found the below error, it seems the > > device is not reachable but the device didn't have any issue at that > time. > > Is there any possiblity that the unexpected delay cause this issue? Can I > > adjust some kind of timeout parameter in tac_plus to be suitable for the > > situation? > > > > Fri Apr 2 08:20:24 2010 [3417]: Authen Start request > > Fri Apr 2 08:20:24 2010 [3417]: choose_authen returns 1 > > Fri Apr 2 08:20:24 2010 [3417]: Writing AUTHEN/GETUSER size=55 > > Fri Apr 2 08:20:24 2010 [3417]: PACKET: key=tac_key > > Fri Apr 2 08:20:24 2010 [3417]: version 192 (0xc0), type 1, seq no 2, > flags > > 0x1 > > Fri Apr 2 08:20:24 2010 [3417]: session_id 1720821293 (0x6691a62d), Data > > length 43 (0x2b) > > Fri Apr 2 08:20:24 2010 [3417]: End header > > Fri Apr 2 08:20:24 2010 [3417]: type=AUTHEN status=4 (AUTHEN/GETUSER) > > flags=0x0 > > Fri Apr 2 08:20:24 2010 [3417]: msg_len=37, data_len=0 > > Fri Apr 2 08:20:24 2010 [3417]: msg: > > Fri Apr 2 08:20:24 2010 [3417]: 0xa User Access Verification 0xa > > Fri Apr 2 08:20:24 2010 [3417]: data: > > Fri Apr 2 08:20:24 2010 [3417]: End packet > > Fri Apr 2 08:20:24 2010 [3417]: Waiting for packet > > Fri Apr 2 08:20:24 2010 [3417]: 10.x.x.x: exception on fd 6 > > Fri Apr 2 08:20:24 2010 [3417]: Read -1 bytes from 10.x.x.x tty1, > expecting > > 12 > > Fri Apr 2 08:20:24 2010 [3417]: Error 10.x.x.x tty1: Null reply packet, > > expecting CONTINUE > > Fri Apr 2 08:20:24 2010 [3417]: 10.x.x.x: disconnect > > > > Appreciated for your help! Thanks! > > > > Lou > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: > http://www.shrubbery.net/pipermail/tac_plus/attachments/20100402/8d493c05/attachment.html > > _______________________________________________ > > tac_plus mailing list > > tac_plus at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100402/809915ba/attachment.html From heas at shrubbery.net Fri Apr 2 20:42:01 2010 From: heas at shrubbery.net (john heasley) Date: Fri, 2 Apr 2010 13:42:01 -0700 Subject: [tac_plus] Re: tac_plus process automatically shutdown after too many login In-Reply-To: References: <20100402201232.GA14201@shrubbery.net> Message-ID: <20100402204201.GM17168@shrubbery.net> Fri, Apr 02, 2010 at 03:31:37PM -0500, Hailu Meng: > Thanks John. But what is single-connection tacacs on the device? its a tacacs option that will appear in the device's config. From hailumeng at gmail.com Fri Apr 2 21:13:08 2010 From: hailumeng at gmail.com (Hailu Meng) Date: Fri, 2 Apr 2010 16:13:08 -0500 Subject: [tac_plus] Re: tac_plus process automatically shutdown after too many login In-Reply-To: <20100402204201.GM17168@shrubbery.net> References: <20100402201232.GA14201@shrubbery.net> <20100402204201.GM17168@shrubbery.net> Message-ID: I don't have this configured in my device. So how can the device be confused when doing tacacs authentication? Any possible reason? Thanks!!! On Fri, Apr 2, 2010 at 3:42 PM, john heasley wrote: > Fri, Apr 02, 2010 at 03:31:37PM -0500, Hailu Meng: > > Thanks John. But what is single-connection tacacs on the device? > > its a tacacs option that will appear in the device's config. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100402/3331dadc/attachment.html From heas at shrubbery.net Fri Apr 2 21:33:02 2010 From: heas at shrubbery.net (john heasley) Date: Fri, 2 Apr 2010 14:33:02 -0700 Subject: [tac_plus] Re: tac_plus process automatically shutdown after too many login In-Reply-To: References: <20100402201232.GA14201@shrubbery.net> <20100402204201.GM17168@shrubbery.net> Message-ID: <20100402213302.GQ17168@shrubbery.net> Fri, Apr 02, 2010 at 04:13:08PM -0500, Hailu Meng: > I don't have this configured in my device. So how can the device be confused > when doing tacacs authentication? Any possible reason? Thanks!!! then, i don't know; could be a IOS bug. could be someone poking at your daemon. > On Fri, Apr 2, 2010 at 3:42 PM, john heasley wrote: > > > Fri, Apr 02, 2010 at 03:31:37PM -0500, Hailu Meng: > > > Thanks John. But what is single-connection tacacs on the device? > > > > its a tacacs option that will appear in the device's config. > > From hailumeng at gmail.com Mon Apr 12 13:41:22 2010 From: hailumeng at gmail.com (Hailu Meng) Date: Mon, 12 Apr 2010 08:41:22 -0500 Subject: [tac_plus] PAM error when login Message-ID: Hi All, I'm using PAM for Active Directory authentication. When I checked the debugging log from tac_plus, I noticed there is "Error 10.1.69.89 tty1: PAM_PROMPT_ECHO_OFF". My login was successful but I don't know what this error means. Googled it and didn't find good explanation. Thanks. Lou -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100412/b2196de8/attachment.html From hailumeng at gmail.com Mon Apr 12 13:38:54 2010 From: hailumeng at gmail.com (Hailu Meng) Date: Mon, 12 Apr 2010 08:38:54 -0500 Subject: [tac_plus] Re: tac_plus process automatically shutdown after too many login In-Reply-To: <20100402213302.GQ17168@shrubbery.net> References: <20100402201232.GA14201@shrubbery.net> <20100402204201.GM17168@shrubbery.net> <20100402213302.GQ17168@shrubbery.net> Message-ID: Yes, it is a bug from IOS. I upgraded to newer version. This just gone. Thanks! On Fri, Apr 2, 2010 at 4:33 PM, john heasley wrote: > Fri, Apr 02, 2010 at 04:13:08PM -0500, Hailu Meng: > > I don't have this configured in my device. So how can the device be > confused > > when doing tacacs authentication? Any possible reason? Thanks!!! > > then, i don't know; could be a IOS bug. could be someone poking at your > daemon. > > > On Fri, Apr 2, 2010 at 3:42 PM, john heasley wrote: > > > > > Fri, Apr 02, 2010 at 03:31:37PM -0500, Hailu Meng: > > > > Thanks John. But what is single-connection tacacs on the device? > > > > > > its a tacacs option that will appear in the device's config. > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100412/41ae5faf/attachment.html From heas at shrubbery.net Mon Apr 12 16:55:46 2010 From: heas at shrubbery.net (john heasley) Date: Mon, 12 Apr 2010 09:55:46 -0700 Subject: [tac_plus] Re: PAM error when login In-Reply-To: References: Message-ID: <20100412165546.GF822@shrubbery.net> Mon, Apr 12, 2010 at 08:41:22AM -0500, Hailu Meng: > Hi All, > > I'm using PAM for Active Directory authentication. When I checked the > debugging log from tac_plus, I noticed there is "Error 10.1.69.89 tty1: > PAM_PROMPT_ECHO_OFF". My login was successful but I don't know what this > error means. Googled it and didn't find good explanation. you can ignore that; it shouldn't be recorded as an error, rather as just debug info. it was a bug which has been fixed but not yet released. Index: pwlib.c =================================================================== --- pwlib.c (revision 3199) +++ pwlib.c (revision 3282) @@ -485,7 +485,7 @@ switch (pmpp[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: if (debug & DEBUG_PASSWD_FLAG) - report(LOG_ERR, "%s %s: PAM_PROMPT_ECHO_OFF", session.peer, + report(LOG_DEBUG, "%s %s: PAM_PROMPT_ECHO_OFF", session.peer, session.port); send_authen_reply(TAC_PLUS_AUTHEN_STATUS_GETPASS, @@ -514,7 +514,7 @@ break; case PAM_PROMPT_ECHO_ON: if (debug & DEBUG_PASSWD_FLAG) - report(LOG_ERR, "%s %s: PAM_PROMPT_ECHO_ON", session.peer, + report(LOG_DEBUG, "%s %s: PAM_PROMPT_ECHO_ON", session.peer, session.port); send_authen_reply(TAC_PLUS_AUTHEN_STATUS_GETDATA, From hailumeng at gmail.com Thu Apr 15 16:30:01 2010 From: hailumeng at gmail.com (Hailu Meng) Date: Thu, 15 Apr 2010 11:30:01 -0500 Subject: [tac_plus] Why tac_plus stopped after 3 times wrong input? Message-ID: Hi all, I'm using tac_plus for my cisco devices. Authenticate against active directory. Sometime I mistype my password and then after 3 time wrong input, the tac_plus seems not responding. The process is still shown in my redhat linux box. I must wait like 1 minute or less. Then tac_plus returns to normal. Is there any settings in tac_plus for this behavior? Or this is caused by active directory? Thanks a lot! Lou -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100415/728a77b3/attachment.html From heas at shrubbery.net Thu Apr 15 17:15:46 2010 From: heas at shrubbery.net (john heasley) Date: Thu, 15 Apr 2010 10:15:46 -0700 Subject: [tac_plus] Re: Why tac_plus stopped after 3 times wrong input? In-Reply-To: References: Message-ID: <20100415171546.GA10191@shrubbery.net> Thu, Apr 15, 2010 at 11:30:01AM -0500, Hailu Meng: > Hi all, > > I'm using tac_plus for my cisco devices. Authenticate against active > directory. Sometime I mistype my password and then after 3 time wrong input, > the tac_plus seems not responding. The process is still shown in my redhat > linux box. I must wait like 1 minute or less. Then tac_plus returns to > normal. Is there any settings in tac_plus for this behavior? Or this is > caused by active directory? it shouldn't be tac_plus. create a login w/ local authentication and try that. cut out the active directory junk. > Thanks a lot! > > Lou > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100415/728a77b3/attachment.html > _______________________________________________ > tac_plus mailing list > tac_plus at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus From tim.gruenberg at gmx.de Thu Apr 22 07:55:26 2010 From: tim.gruenberg at gmx.de (Tim =?ISO-8859-1?Q?Gr=FCnberg?=) Date: Thu, 22 Apr 2010 09:55:26 +0200 Subject: [tac_plus] TACACS+ and IPv6 Message-ID: <1271922926.4142.1.camel@W1G162.kathrein.de> Hi there, is there a possibility to get your TACACS+ server working with IPv6 addresses? Perhaps this is interesting in the future, in cause of the low number of free IPv4 addresses. Thank you, Best regards, Tim Gr?nberg -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20100422/0b9dfbef/attachment.bin