<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><meta name="Generator" content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">Hi,</p><p class="MsoNormal">I am trying to create a composite group to assign it to an user but it’s not working and tacacs service fails when restarted. Below is the link which I followed</p>
<p class="MsoNormal"> </p><p class="MsoNormal"><a href="http://www.shrubbery.net/pipermail/tac_plus/2007-August/000125.html">http://www.shrubbery.net/pipermail/tac_plus/2007-August/000125.html</a></p><p class="MsoNormal">
</p><p class="MsoNormal"> </p><p class="MsoNormal">Below is the package details currently I have on my system</p><p class="MsoNormal"><span style="color:#c00000">Version: 4.0.4.19-11build1</span></p><p class="MsoNormal">
<span style="color:#c00000">Depends: libc6 (>= 2.14), libpam0g (>= 0.99.7.1), libtacacs+1, libwrap0 (>= 7.6-4~), adduser, python</span></p><p class="MsoNormal"><span style="color:#c00000">Conffiles:</span></p><p class="MsoNormal">
<span style="color:#c00000"> /etc/logrotate.d/tacacs+ cabd142065137950856da3a031d7121b</span></p><p class="MsoNormal"><span style="color:#c00000"> /etc/default/tacacs+ d794c7a21bf0a2fb3e8276958d096474</span></p><p class="MsoNormal">
<span style="color:#c00000"> /etc/init.d/tacacs_plus 56440b8721635d29ff42fea7d906c55d</span></p><p class="MsoNormal"><span style="color:#c00000"> /etc/tacacs+/tac_plus.conf a2d54ccc38d35fb06e5f08b4be23f17a</span></p><p class="MsoNormal">
<span style="color:#c00000">Description: TACACS+ authentication daemon</span></p><p class="MsoNormal"><span style="color:#c00000"> TACACS+ is a protocol (not TACACS or XTACACS) for authentication,</span></p><p class="MsoNormal">
<span style="color:#c00000"> authorization and accounting (AAA) services for routers and network devices.</span></p><p class="MsoNormal"><span style="color:#c00000">Original-Maintainer: Henry-Nicolas Tourneur <<a href="mailto:henry.nicolas@tourneur.be">henry.nicolas@tourneur.be</a>></span></p>
<p class="MsoNormal"><span style="color:#c00000">Homepage: <a href="http://www.shrubbery.net/tac_plus/">http://www.shrubbery.net/tac_plus/</a></span></p><p class="MsoNormal"><span style="color:#c00000"> </span></p><p class="MsoNormal">
</p><p class="MsoNormal">Below is sample of my configuration </p><p class="MsoNormal"> </p><p class="MsoNormal"><span style="color:#1f497d">acl = 1 {</span></p><p class="MsoNormal"><span style="color:#1f497d">permit = ^10\.190\.0\.</span></p>
<p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">acl = 2 {</span></p><p class="MsoNormal"><span style="color:#1f497d">permit = ^172\.22\.</span></p><p class="MsoNormal">
<span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d"> </span></p><p class="MsoNormal"><span style="color:#1f497d"> </span></p><p class="MsoNormal"><span style="color:#1f497d">#test</span></p>
<p class="MsoNormal"><span style="color:#1f497d">group = readonly1 {</span></p><p class="MsoNormal"><span style="color:#1f497d">default service = deny</span></p><p class="MsoNormal"><span style="color:#1f497d">acl = 1</span></p>
<p class="MsoNormal"><span style="color:#1f497d">service = exec {</span></p><p class="MsoNormal"><span style="color:#1f497d">priv-lvl = 2</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal">
<span style="color:#1f497d">cmd = show {</span></p><p class="MsoNormal"><span style="color:#1f497d">permit .*</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">cmd = conf {</span></p>
<p class="MsoNormal"><span style="color:#1f497d">permit .*</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">cmd = bash {</span></p><p class="MsoNormal">
<span style="color:#1f497d">deny .*</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="color:#1f497d">#readonly - account</span></p><p class="MsoNormal"><span style="color:#1f497d">group = readonly2 {</span></p><p class="MsoNormal"><span style="color:#1f497d">default service = deny</span></p>
<p class="MsoNormal"><span style="color:#1f497d">acl = 2</span></p><p class="MsoNormal"><span style="color:#1f497d">service = exec {</span></p><p class="MsoNormal"><span style="color:#1f497d">priv-lvl = 2</span></p><p class="MsoNormal">
<span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">cmd = show {</span></p><p class="MsoNormal"><span style="color:#1f497d">permit .*</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p>
<p class="MsoNormal"><span style="color:#1f497d">cmd = enable {</span></p><p class="MsoNormal"><span style="color:#1f497d">permit .*</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal">
<span style="color:#1f497d">cmd = conf {</span></p><p class="MsoNormal"><span style="color:#1f497d">deny .*</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">cmd = bash {</span></p>
<p class="MsoNormal"><span style="color:#1f497d">permit .*</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">cmd = clear {</span></p><p class="MsoNormal">
<span style="color:#1f497d">deny .*</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">cmd = exit {</span></p><p class="MsoNormal"><span style="color:#1f497d">permit .*</span></p>
<p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d"> </span></p><p class="MsoNormal"><span style="color:#1f497d">#test</span></p>
<p class="MsoNormal"><span style="color:#1f497d">group = test_all {</span></p><p class="MsoNormal"><span style="color:#1f497d">member = readonly1</span></p><p class="MsoNormal"><span style="color:#1f497d">member = readonly2</span></p>
<p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d"> </span></p><p class="MsoNormal"><span style="color:#1f497d">user = mohan {</span></p><p class="MsoNormal"><span style="color:#1f497d">default service = deny</span></p>
<p class="MsoNormal"><span style="color:#1f497d">member = test_all</span></p><p class="MsoNormal"><span style="color:#1f497d">}</span></p><p class="MsoNormal"><span style="color:#1f497d"> </span></p><p class="MsoNormal">Thanks,</p>
<p class="MsoNormal">Mohan</p></div></body></html>