[tac_plus] Possible Bug

Adam Schaeffer adam at fullspansolutions.com
Fri Mar 6 23:32:09 UTC 2015


I am not a sophisticated software / linux guy by any means so this may already be a known bug or issue with the system OR even an error on my part:

I was using tac plus in a lab and noticed that accounting packets are not properly received when the pre-shared key is 5 or fewer characters.


tac_plus -C /etc/tac_plus.conf -d 32768

Fri Mar  6 18:23:58 2015 [9694]: Reading config
Fri Mar  6 18:23:58 2015 [9694]: Version F4.0.4.28 Initialized 1
Fri Mar  6 18:23:58 2015 [9694]: tac_plus server F4.0.4.28 starting
Fri Mar  6 18:23:58 2015 [9694]: socket FD 5 AF 2
Fri Mar  6 18:23:58 2015 [9694]: socket FD 7 AF 10
Fri Mar  6 18:23:58 2015 [9694]: uid=0 euid=0 gid=0 egid=0 s=164214912
Fri Mar  6 18:24:04 2015 [9695]: connect from 192.168.130.1 [192.168.130.1]
Fri Mar  6 18:24:04 2015 [9695]: Error 192.168.130.1: acct minimum payload: 183, got: 112




Cisco version information:


R1-2811#sh version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 04:01 by prod_rel_team

ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)

R1-2811 uptime is 1 week, 1 day, 22 hours, 52 minutes
System returned to ROM by reload at 01:31:19 UTC Thu Feb 26 2015
System image file is "flash:c2800nm-adventerprisek9-mz.124-24.T8.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export at cisco.com.

Cisco 2811 (revision 53.50) with 772096K/14336K bytes of memory.
Processor board ID FTX1002C2RX
6 FastEthernet interfaces
32 terminal lines
1 Channelized (E1 or T1)/PRI port
1 Virtual Private Network (VPN) Module
4 Voice FXO interfaces
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
500472K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102



Config snips:

aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 0 default
action-type start-stop
group tacacs+
!
aaa accounting commands 1 default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+


tacacs-server host 192.168.130.3 key cisco

I have access to a large array of Cisco hardware and unlimited access to IOS versions if you would like me to test against any other hardware and provide results in this matter or any others.

Thanks,

Adam Schaeffer
Owner / Sr. Engineer
Full Span Solutions LLC
717-715-9223
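
A diagnostic sketch for the `acct minimum payload` log line, added here as an example and not taken from the post or from the tac_plus source: it applies the RFC 8907 body obfuscation and compares the length implied by an accounting request's own length fields with the length received, for the same key and for a different key. It assumes the logged error comes from a length-consistency check of this kind; the session id, field values and the `cisco1` key are constructed.

```python
import hashlib
import struct

ACCT_FIXED = 9  # flags, authen_method, priv_lvl, authen_type, authen_service,
                # user_len, port_len, rem_addr_len, arg_cnt

def pad(session_id, key, version, seq_no, length):
    """RFC 8907 pseudo-pad: MD5 chain over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    out, prev = b"", b""
    while len(out) < length:
        prev = hashlib.md5(seed + prev).digest()
        out += prev
    return out[:length]

def xor_body(body, session_id, key, version=0xC0, seq_no=1):
    """Obfuscate or de-obfuscate a body; XOR with the pad is its own inverse."""
    p = pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, p))

def build_acct_request(user, port, rem_addr, args):
    """Accounting REQUEST body: START record, constructed field values."""
    head = bytes([0x02, 0x06, 0x01, 0x01, 0x01,
                  len(user), len(port), len(rem_addr), len(args)])
    return head + bytes(len(a) for a in args) + user + port + rem_addr + b"".join(args)

def required_length(body):
    """Body length implied by its own length fields (lower bound if truncated)."""
    if len(body) < ACCT_FIXED:
        return ACCT_FIXED
    user_len, port_len, rem_len, arg_cnt = body[5:9]
    arg_lens = body[ACCT_FIXED:ACCT_FIXED + arg_cnt]
    return ACCT_FIXED + arg_cnt + user_len + port_len + rem_len + sum(arg_lens)

def check(wire, session_id, key):
    """Return (consistent, implied_length, received_length) for one packet body."""
    body = xor_body(wire, session_id, key)
    need = required_length(body)
    return need == len(body), need, len(body)

# Constructed sample: session id, user, port, address and arguments are made up.
SESSION = 0x1A2B3C4D
PLAIN = build_acct_request(b"admin", b"tty1", b"192.0.2.10",
                           [b"task_id=5", b"service=shell"])
WIRE = xor_body(PLAIN, SESSION, b"cisco")          # key from the post's config

if __name__ == "__main__":
    print("same key:     ", check(WIRE, SESSION, b"cisco"))
    print("different key:", check(WIRE, SESSION, b"cisco1"))  # constructed mismatch
```

When the two sides derive different pads, the decoded length bytes are effectively random, so the implied and received lengths disagree in the way the log line reports.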
