<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div><div><div>"I have serveral procurve models (2510,2610, 5120,4100) working well with tac_plus, in some models I have needed to upgrade the firmware to use privilege attributes."</div><div><br></div><div>This is what the problem turned out to be. After a night firmware updates, these procurves now play nice enough with tac_plus. It should be said though that it only works if priv-lvl 15 is defined for users in tac_plus.conf on the server side and on the switch side, issuing the command 'aaa authentication login privilege-mode'. These switches still don't seem to pass the username when logging in to user-mode and then to enable. </div><div><br></div><div>For my environment this works as there are no level 1 network technicians who would utilize operator mode. I could see for some however, that it could represent a problem.</div><div><br></div><div>Thanks for your help!</div><div><br></div><div><div><div><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 16.0px Arial; color: #245e8c"><b>David Midlo</b></p><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 10.0px Arial; color: #245e8c">Discovery | Integrity | Will | Organic | Stewardship</p><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 10.0px Arial; color: #245e8c; min-height: 11.0px"><br></p><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 10.0px Arial; color: #245e8c">Interim Network Administrator</p><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 10.0px Arial; color: #245e8c">Independent School District 15 - St Francis, Minnesota</p><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 10.0px Arial; color: #245e8c">Office of School Technology</p><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 10.0px Arial; color: #245e8c; min-height: 11.0px"><br></p><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 10.0px Arial; color: #245e8c">Office 763 753 7154 Mobile 763 286 6335</p><p style="margin: 0.0px 0.0px 0.0px 0.0px; text-align: center; font: 11.0px Calibri; color: #1c39f6"><span style="text-decoration: underline"><a href="http://www.stfrancis.k12.mn.us/">District Information</a></span><span style="color: #000000"> | </span><span style="color: #245e8c"> <a href="http://www.google.com/calendar/embed?src=david.midlo@stfrancis.k12.mn.us&ctz=America/Chicago"><span style="text-decoration: underline ; color: #1c39f6">Calendar</span></a> </span><span style="color: #000000"> | <a href="http://saints/OST/Lists/Helpdesk%20Request/NewForm.aspx"><span style="text-decoration: underline">Helpdesk Request </span></a></span><span style="color: #245e8c"> </span></p></div></div><div><span style="color: #245e8c"><br></span></div></div></div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Antonio Ojea Garcia <<a href="mailto:antonio.ojea.garcia@gmail.com">antonio.ojea.garcia@gmail.com</a>><br><span style="font-weight:bold">To: </span> "David J. Midlo" <<a href="mailto:david.midlo@stfrancis.k12.mn.us">david.midlo@stfrancis.k12.mn.us</a>><br><span style="font-weight:bold">Cc: </span> "<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a>" <<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a>><br><span style="font-weight:bold">Subject: </span> Re: [tac_plus] Advice for HP Procurve 2626 switches<br></div><div><br></div><div><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div>
Hello,
<div><br></div><div>Could you try to put this on your tac_plus.conf ?: </div><div><br></div><div>user = $enable$ {</div><div> login = cleartext "password"</div><div>}</div><div><br></div><div><br></div><div>I have serveral procurve models (2510,2610, 5120,4100) working well with tac_plus, in some models I have needed to upgrade the firmware to use privilege attributes.</div><div><br></div><div>Also you don't have the tacacs key in your procurve configuration, dont forget it ;)</div><div><br><div class="gmail_quote">2012/6/6 David Midlo <span dir="ltr"><<a href="mailto:David.Midlo@stfrancis.k12.mn.us" target="_blank">David.Midlo@stfrancis.k12.mn.us</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br><br>
It seems HP Procurves don't report back the username when moving to enable mode. The reply after entering the password is 'invalid password'. You can find my config here
<a href="http://pastebin.com/MAyFLxxF" target="_blank">http://pastebin.com/MAyFLxxF</a> the switch is configured with the key (removed from paste).<br><br>
I'm having trouble finding any documentation as to how to approach this issue, any example configs or modifications/directives would be greatly appreciated.<br><br>
With regards,<br><br>
David Midlo<br><br>
David Midlo<br>
Discovery | Integrity | Will | Organic | Stewardship<br><br>
Interim Network Administrator<br>
Independent School District 15 - St Francis, Minnesota<br>
Office of School Technology<br><br>
Office 763 753 7154 Mobile 763 286 6335<br>
District Information<<a href="http://www.stfrancis.k12.mn.us/" target="_blank">http://www.stfrancis.k12.mn.us/</a>> | Calendar<<a href="http://www.google.com/calendar/embed?src=david.midlo%40stfrancis.k12.mn.us&ctz=America/Chicago%22%20style=%22border:%200%22%20width=%22800%22%20height=%22600%22%20frameborder=%220%22%20scrolling=%22no%22" target="_blank">http://www.google.com/calendar/embed?src=david.midlo%40stfrancis.k12.mn.us&ctz=America/Chicago%22%20style=%22border:%200%22%20width=%22800%22%20height=%22600%22%20frameborder=%220%22%20scrolling=%22no%22</a>>
| Helpdesk Request <<a href="http://saints/OST/Lists/Helpdesk%20Request/NewForm.aspx" target="_blank">http://saints/OST/Lists/Helpdesk%20Request/NewForm.aspx</a>><br><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://www.shrubbery.net/pipermail/tac_plus/attachments/20120606/1ae33eb2/attachment.html" target="_blank">http://www.shrubbery.net/pipermail/tac_plus/attachments/20120606/1ae33eb2/attachment.html</a>><br>
_______________________________________________<br>
tac_plus mailing list<br><a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br><a href="http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus</a><br></blockquote></div><br></div></div></div></span></body></html>