<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div><br>
</div>
<div>
<div>Hey John/list,</div>
<div><br>
</div>
<div>I’ve been banging my head on this all day. I’m hoping that since you replied you might have some insight into getting TAC+, Likewise, and PAM to play nice together.</div>
<div><br>
</div>
<div>I’m assuming that you have a modified pam.d module that handles the tac_plus authentication? I’ve tried to use different variations in my PAM module, with no success. Can you give me some tips on what you have working, if you have experience working
with Likewise? </div>
<div><br>
</div>
<div>Thanks, Matt</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>John Fraizer <<a href="mailto:john@op-sec.us">john@op-sec.us</a>><br>
<span style="font-weight:bold">Date: </span>Monday, March 30, 2015 at 12:53 PM<br>
<span style="font-weight:bold">To: </span>Matt Almgren <<a href="mailto:matta@surveymonkey.com">matta@surveymonkey.com</a>><br>
<span style="font-weight:bold">Cc: </span>"<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a>" <<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [tac_plus] Authentication using Likewise and AD<br>
</div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">Configure tac_plus to use password = PAM and it will authenticate via whatever mechanism(s) PAM is configured to use. With that said, bear in mind that using LDAP for network auth isn't exactly the best idea. When you have a problem with your
LDAP server, tac_plus doesn't know. It just acts as if your credentials are wrong and you're unable to log into network devices. It is even MORE fun because you can't even log into your tac_plus server and shut down tac_plus so your network devices will
use "local" authentication because the server is ALSO using LDAP to authenticate.
<div><br>
</div>
<div>Just some things to keep in mind.</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>--</div>
John Fraizer
<div>LinkedIn profile: <a href="http://www.linkedin.com/in/johnfraizer/" target="_blank">
http://www.linkedin.com/in/johnfraizer/</a></div>
<div><br>
<div><span style="color: rgb(53, 53, 53); font-family: Arial, sans-serif; font-size: 12px; line-height: 12px; background-color: rgb(244, 244, 244);"><br>
</span></div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Mon, Mar 30, 2015 at 11:36 AM, Matt Almgren <span dir="ltr">
<<a href="mailto:matta@surveymonkey.com" target="_blank">matta@surveymonkey.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Hello all, I’ve recently joined another company that uses Likewise for authentication against AD. Does anyone have any experience working with Likewise and using it with TAC+? I’m assuming that if I configure PAM with TAC+, it will pass those authentication
requests on to the AD server?<br>
<br>
We’re running Ubuntu 14.04.1 LTS and the latest version of tac_plus, if that helps.<br>
<br>
Thanks, Matt<br>
<br>
<br>
--<br>
Matt Almgren<br>
Sr. Networking Engineer | SurveyMonkey<br>
<br>
<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://www.shrubbery.net/pipermail/tac_plus/attachments/20150330/8a6e9d43/attachment.html" target="_blank">http://www.shrubbery.net/pipermail/tac_plus/attachments/20150330/8a6e9d43/attachment.html</a>><br>
_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</span>
</body>
</html>