<div dir="ltr"><div>Let me know if there is a separate mailing list for do_auth-related questions.</div><div><br></div><div>So I am trying to follow the do_auth.ini syntax and need some help.</div><div><br></div>I have set up the config file like below and it is failing to authorize.<div>
<br><div><div>Here is the do_auth.ini file</div><div><br></div><div>[users]<div>default =</div><div> noprivs</div><div>foo =</div><div> newgroup</div><div><br></div><div>[newgroup]</div><div>host_allow =</div><div>
.*</div>
<div>command_permit =</div><div> show configuration.*</div><div>device_permit =</div><div> .*</div><div><br></div><div>[noprivs]</div><div>host_deny =</div><div> .*</div><div>device_deny =</div><div> .*</div>
<div>
command_deny =</div><div> .*</div><div><br></div><div>Here is the error message</div><div><br></div><div><div>Username: iqbala</div><div>Password: </div><div>% Authorization failed.</div><div>Connection closed by foreign host.</div>
</div><div><br></div><div><br></div><div>Here is the relevant part in tacacs.conf</div><div><br></div><div><div>group = doauthaccess {</div><div> after authorization "/usr/bin/python /root/do_auth/do_auth.pyc -i $address -fix_crs_bug -u $user -d $name -l /root/do_auth/do_auth.log -f /root/do_auth/do_auth.ini"</div>
<div>}</div></div><div><br></div><div><div>user = foo {</div><div> login = PAM</div><div> member = doauthaccess</div><div>}</div></div><div><br></div><div>If I change the member to another group which is a regular group</div>
<div>and not using after authorization, user ``foo'' can log in fine.</div><div><br></div><div>I must not be doing something right. </div><div><br></div><div>Please advise.</div><div><br></div><div><br></div><div>
<br>
</div><div><br></div>-- <br>Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu">pgp.mit.edu</a><br>A: Because it messes up the order in which people normally read text.<br>Q: Why is top-posting such a bad thing?<br>
<br>
</div></div></div></div>