<div dir="ltr">It probably works best when the library is also called to WRITE the ini, which I don't do. (Library doesn't have much idiot checking in it) For most, I think tacacs is something you setup and mainly leave alone which is why I haven't done more.<div>
<br></div><div>Perhaps I should get with Jathan and work on detecting errors in the parsing, as this seems to be the biggest mistake people make, especially as some people don't care about multiple groups at all, they only want their tac_plus to work correctly with Nexus. Maybe including a default ini file with the download could help.</div>
<div><br></div><div>On a side note, while thanking Alan for his assisting while I was out, I have to also smile at a bit of irony in that the one person who was wary and wouldn't touch do_auth is now helping people with it. :-P Thanks Alan!</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Apr 3, 2014 at 11:48 AM, Alan McKinnon <span dir="ltr"><<a href="mailto:alan.mckinnon@gmail.com" target="_blank">alan.mckinnon@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Python indentation rules, yes I know that problem well :-)<br>
<br>
Good to hear you got it fixed.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
On 03/04/2014 19:14, Mohan Reddy wrote:<br>
> Alan,<br>
> It worked, Sorry it was indentation in do_auth.ini script which has been<br>
> resolved now. Now my problem with multiple groups has been resolved.<br>
><br>
> Thanks,<br>
> Mohan<br>
><br>
> -----Original Message-----<br>
> From: <a href="mailto:tac_plus-bounces@shrubbery.net">tac_plus-bounces@shrubbery.net</a><br>
> [mailto:<a href="mailto:tac_plus-bounces@shrubbery.net">tac_plus-bounces@shrubbery.net</a>] On Behalf Of Alan McKinnon<br>
> Sent: Wednesday, April 02, 2014 11:10 PM<br>
> To: <a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
> Subject: Re: [tac_plus] Problem with creating Multiple groups for a single<br>
> user. (creating composite groups)<br>
><br>
> On 02/04/2014 20:23, Mohan Reddy wrote:<br>
>> Alan,<br>
>> As mentioned by you I used Dan's python script but I did receive a<br>
>> parsing error . Below is the error details and config details,<br>
>><br>
>> 2014-04-02 10:44:04,978 [CRITICAL]: Can't open/parse config file:<br>
>> '/usr/bin/do_auth.ini'<br>
><br>
><br>
> Does /usr/bin/do_auth.ini really exist?<br>
> What are the ownerships and permissions of that file?<br>
> As which user does tac_plus run?<br>
><br>
><br>
><br>
><br>
>> 2014-04-02 10:54:53,545 [CRITICAL]: Can't open/parse config file:<br>
>> '/usr/bin/do_auth.ini'<br>
>> 2014-04-02 10:59:28,184 [CRITICAL]: Can't open/parse config file:<br>
>> '/usr/bin/do_auth.ini'<br>
>><br>
>><br>
>> ----------------------------------------------------------------------<br>
>> ----<br>
>> -------------------------<br>
>> Configuration in Tacacs_conf file<br>
>> ----------------------------------------------------------------------<br>
>> ----<br>
>> -----------------------------<br>
>> user = test1 {<br>
>> member = doauthaccess<br>
>> }<br>
>><br>
>> group = doauthaccess {<br>
>> default service = permit<br>
>><br>
>> service = exec {<br>
>> priv-lvl = 15<br>
>> }<br>
>><br>
>> after authorization "/usr/bin/python /usr/bin/do_auth.py -i<br>
>> $address -u $user -d $name -l /usr/bin/log.txt -f /usr/bin/do_auth.ini"<br>
>> }<br>
>><br>
>> ----------------------------------------------------------------------<br>
>> ----<br>
>> -------------------------<br>
>> Configuration in do_auth.ini file<br>
>> ----------------------------------------------------------------------<br>
>> ----<br>
>> -----------------------------<br>
>><br>
>> [users]<br>
>> default =<br>
>> noprivs<br>
>> jathan =<br>
>> vdxgroup<br>
>> dans =<br>
>> vdxgroup<br>
>> test1 =<br>
>> readonly1<br>
>><br>
>> [readonly1]<br>
>> host_allow =<br>
>> .*<br>
>> device_permit =<br>
>> .*<br>
>> command_permit =<br>
>> .*<br>
>><br>
>> --------------------------------------------------------------<br>
>><br>
>> May I know what might be the issue.<br>
>><br>
>> Thanks,<br>
>> Mohan<br>
>> _______________________________________________<br>
>> tac_plus mailing list<br>
>> <a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
>> <a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
>><br>
>><br>
><br>
><br>
> --<br>
> Alan McKinnon<br>
> <a href="mailto:alan.mckinnon@gmail.com">alan.mckinnon@gmail.com</a><br>
><br>
> _______________________________________________<br>
> tac_plus mailing list<br>
> <a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
> <a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
><br>
<br>
<br>
--<br>
Alan McKinnon<br>
<a href="mailto:alan.mckinnon@gmail.com">alan.mckinnon@gmail.com</a><br>
<br>
_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
</div></div></blockquote></div><br></div>
<pre>
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.