Plus the problem with BACP between the PM3 and NetGear routers (with
both sides saying it is the other's fault - I don't know which side is
at fault).
Also, I've reported a bug (actually over a year now since I first
reported it) that has been around at least since the Serivce-Type =
Administrative-User RADIUS stuff was implemented. If you have any
logins with a menu assigned via RADIUS (like our dialup users) and you
try to telnet to your PM3 and use one of those logins, you can't use an
Administrative-User login to telnet in to the PM3 anymore until you
reboot. The PM3 tries to request a menu but then rejects it as invalid.
This can be a denial of service thing. For example, I'm the only one
that knows the !root password on our PM3s, but several others have
Administrative-User access via RADIUS. That no longer works if someone,
intentionally or accidentally, tries to login using an account with a
menu in RADIUS.
This hit us because I setup RADIUS to use the same usernames/passwords
as dialup users for Administrative-User with a '!' prefix. Forget the
'!' and the PM3 has to be rebooted before you can telnet in as anything
other than !root.
I think once a PM3 gets in this state it may also cause some squirrelly
things with dialup users getting menus (they get the menu but if they
chose a telnet option, when they exit the telnet session they don't get
a menu - they get prompted for a password but nothing works), but I
haven't had time to nail that down and report it.
-- Chris Adams <cadams@ro.com> - System Administrator Renaissance Internet Services - IBS Interactive, Inc. Home: http://ro.com/~cadams - Public key: http://ro.com/~cadams/pubkey.txt I don't speak for anybody but myself - that's enough trouble. - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>